#36795 [NEW]: Inappropriate "unterminated entity reference" in DOMElement->setAttribute

Sun, 19 Mar 2006 17:05:36 -0800 

From:             john at carney dot id dot au
Operating system: Windows/Linux
PHP version:      5.1.2
PHP Bug Type:     DOM XML related
Bug description:  Inappropriate "unterminated entity reference" in 
DOMElement->setAttribute

Description:
------------
While it is not specifically mentioned in the documentation,
DOMElement->setAttribute automatically escapes XML special characters in
the value parameter. Yet, as of PHP 5.1.2 it will throw an "unterminated
entity reference" warning if the supplied value contains an ampersand -
even if it is escaped.

As well as fixing the actual bug, the documentation needs to clarify
*exactly* how special characters in the inputs to this and other DOM
functions are treated. If you are going to silently escape input text, you
need to tell people so that they don't end up with stuff being
double-escaped.

Reproduce code:
---------------
$element->setAttribute ("anattr", "jack & jill") ;
$element->setAttribute ("anattr", "jack & jill") ;

Expected result:
----------------
No warnings should be thrown.

Actual result:
--------------
BOTH calls to setAttribute throw an "unterminated entity reference"
warning.

-- 
Edit bug report at http://bugs.php.net/?id=36795&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=36795&r=trysnapshot44
Try a CVS snapshot (PHP 5.1): 
http://bugs.php.net/fix.php?id=36795&r=trysnapshot51
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=36795&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=36795&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=36795&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=36795&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=36795&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=36795&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=36795&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=36795&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=36795&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=36795&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=36795&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=36795&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=36795&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=36795&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=36795&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=36795&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=36795&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=36795&r=mysqlcfg

Reply via email to