ID: 47532 Updated by: rricha...@php.net Reported By: sgunderson at bigfoot dot com -Status: Open +Status: Wont fix Bug Type: DOM XML related Operating System: Debian PHP Version: 5.3CVS-2009-02-28 (snap) New Comment:
Changing this would break some long standing BC. The problem is really in setting the attribute value. The workaround for this is to use something like htmlspecialchars when setting a DOMAttr->value using another DOMAttr->value Previous Comments: ------------------------------------------------------------------------ [2009-02-28 16:13:54] sgunderson at bigfoot dot com Description: ------------ When you fetch the "value" field of a DOMAttribute, it seems to unescape any HTML (or perhaps XML?) entities present. However, when you set it, it does not get escaped. In other words, if you do "$attr->value = $attr->value" (which really should be a no-op!) as in the example below, you will get errors if it happened to contain &. Verified with PHP 5.2.6 and 5.3.0 snap (2008-02-28). Reproduce code: --------------- <?php $doc = new DOMDocument; $doc->loadXML('<html><element /></html>'); $elem = $doc->documentElement->firstChild; $attr = $doc->createAttribute("foo"); $attr->value = "foo&bar"; $attr->value = $attr->value; $elem->appendChild($attr); print $doc->saveXML(); ?> Expected result: ---------------- <?xml version="1.0"?> <html><element foo="foo&bar"/></html> Actual result: -------------- Warning: main(): unterminated entity reference bar in /home/sesse/test3.php on line 8 <?xml version="1.0"?> <html><element foo="foo"/></html> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=47532&edit=1