class\xml\rpc\xmlrpctag problem with encode #419

alain91 · 2015-10-11T11:20:49Z

if we give string like '&' as input the encode method returns '&' and not #||amp||#

it seems that the replace is treated twice.

What does this method as to be clarified as it is only a one way of replacing.

    public function encode(&$text)
    {
        $text = preg_replace(array("/\&([a-z\d\#]+)\;/i", "/\&/", "/\#\|\|([a-z\d\#]+)\|\|\#/i"),
            array("#||\\1||#", "&amp;", "&\\1;"), str_replace(array("<", ">"), array("&lt;", "&gt;"), $text));
        return $text;
    }

Replace old and likely faulty (XOOPS#419) regex based escape of XML unsafe or illegal characters with more recent PHP built in.

geekwright · 2015-10-11T16:30:22Z

The xmlrpc code shows its age in lots of ways, and this function is one of them. A replacement is in the pipeline. The unit test needs to be reviewed, as the whole function was replaced with a standards based PHP internal function. It looks possibly like some double encoding work around was used, but it doesn't seem to be standard, so it was ignored.

geekwright added a commit to geekwright/XoopsCore that referenced this issue Oct 11, 2015

Update XML escape

0f592c4

Replace old and likely faulty (XOOPS#419) regex based escape of XML unsafe or illegal characters with more recent PHP built in.

geekwright mentioned this issue Oct 11, 2015

Update XML Escape #420

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

class\xml\rpc\xmlrpctag problem with encode #419

class\xml\rpc\xmlrpctag problem with encode #419

alain91 commented Oct 11, 2015

geekwright commented Oct 11, 2015

class\xml\rpc\xmlrpctag problem with encode #419

class\xml\rpc\xmlrpctag problem with encode #419

Comments

alain91 commented Oct 11, 2015

geekwright commented Oct 11, 2015