diff options
| -rw-r--r-- | HISTORY | 1 | ||||
| -rw-r--r-- | framework/Xml/TXmlDocument.php | 20 |
2 files changed, 19 insertions, 2 deletions
@@ -2,6 +2,7 @@ Version 3.1.0 beta to be released ================================= BUG: Ticket#517 - Quickstart I18N sample: conflicting module ID (Wei) BUG: Ticket#521 - comment tag on TActiveButton stop callback (Wei) +BUG: TXmlElement did not encode attribute and text values when being saved as a string (Qiang) ENH: Ticket#513 - Display last modified / revision in quickstart (Wei) ENH: Ticket#519 - Update TActiveRecord implementation (Wei) ENH: Added PRADO_CHMOD constant so that users can specify the permission of PRADO-created directories (Qiang) diff --git a/framework/Xml/TXmlDocument.php b/framework/Xml/TXmlDocument.php index cc5b40f9..b4293763 100644 --- a/framework/Xml/TXmlDocument.php +++ b/framework/Xml/TXmlDocument.php @@ -200,7 +200,10 @@ class TXmlElement extends TComponent if($this->_attributes!==null) { foreach($this->_attributes as $name=>$value) + { + $value=$this->xmlEncode($value); $attr.=" $name=\"$value\""; + } } $prefix=str_repeat(' ',$indent*4); if($this->getHasElement()) @@ -211,13 +214,26 @@ class TXmlElement extends TComponent $str.=$prefix."</{$this->_tagName}>"; return $str; } - else if($this->getValue()!=='') + else if(($value=$this->getValue())!=='') { - return $prefix."<{$this->_tagName}$attr>{$this->_value}</{$this->_tagName}>"; + $value=$this->xmlEncode($value); + return $prefix."<{$this->_tagName}$attr>$value</{$this->_tagName}>"; } else return $prefix."<{$this->_tagName}$attr />"; } + + private function xmlEncode($str) + { + return strtr($str,array( + '>'=>'>', + '<'=>'<', + '&'=>'&', + '"'=>'"', + "\r"=>'
', + "\t"=>'	', + "\n"=>'
')); + } } /** |