From 97b4d7ca7f7edcedc2d9c113a60d827a967f2c5e Mon Sep 17 00:00:00 2001 From: xue <> Date: Sat, 27 Jan 2007 23:08:33 +0000 Subject: Fixed the bug that TXmlElement did not encode attribute and text values when being saved as a string --- HISTORY | 1 + framework/Xml/TXmlDocument.php | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/HISTORY b/HISTORY index df6f8560..dcf082dd 100644 --- a/HISTORY +++ b/HISTORY @@ -2,6 +2,7 @@ Version 3.1.0 beta to be released ================================= BUG: Ticket#517 - Quickstart I18N sample: conflicting module ID (Wei) BUG: Ticket#521 - comment tag on TActiveButton stop callback (Wei) +BUG: TXmlElement did not encode attribute and text values when being saved as a string (Qiang) ENH: Ticket#513 - Display last modified / revision in quickstart (Wei) ENH: Ticket#519 - Update TActiveRecord implementation (Wei) ENH: Added PRADO_CHMOD constant so that users can specify the permission of PRADO-created directories (Qiang) diff --git a/framework/Xml/TXmlDocument.php b/framework/Xml/TXmlDocument.php index cc5b40f9..b4293763 100644 --- a/framework/Xml/TXmlDocument.php +++ b/framework/Xml/TXmlDocument.php @@ -200,7 +200,10 @@ class TXmlElement extends TComponent if($this->_attributes!==null) { foreach($this->_attributes as $name=>$value) + { + $value=$this->xmlEncode($value); $attr.=" $name=\"$value\""; + } } $prefix=str_repeat(' ',$indent*4); if($this->getHasElement()) @@ -211,13 +214,26 @@ class TXmlElement extends TComponent $str.=$prefix."_tagName}>"; return $str; } - else if($this->getValue()!=='') + else if(($value=$this->getValue())!=='') { - return $prefix."<{$this->_tagName}$attr>{$this->_value}_tagName}>"; + $value=$this->xmlEncode($value); + return $prefix."<{$this->_tagName}$attr>$value_tagName}>"; } else return $prefix."<{$this->_tagName}$attr />"; } + + private function xmlEncode($str) + { + return strtr($str,array( + '>'=>'>', + '<'=>'<', + '&'=>'&', + '"'=>'"', + "\r"=>' ', + "\t"=>' ', + "\n"=>' ')); + } } /** -- cgit v1.2.3