Index: src/Utility/Xml.php | |
IDEA additional info: | |
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP | |
<+>UTF-8 | |
=================================================================== | |
--- src/Utility/Xml.php (date 1533778910000) | |
+++ src/Utility/Xml.php (date 1533854824127) | |
@@ -341,7 +341,7 @@ | |
$format = $data['format']; | |
$node = $data['node']; | |
- $childNS = $childValue = null; | |
+ $childNS = $childValue = $isCdata = null; | |
if (is_object($value) && method_exists($value, 'toArray') && is_callable([$value, 'toArray'])) { | |
$value = call_user_func([$value, 'toArray']); | |
} | |
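Review bot: $isCdata is added to the chained null assignment on the changed line, yet it is only ever used as a boolean flag. Initialise it on its own line as $isCdata = false; so that the later if (!$isCdata) test is a plain boolean check and the flag has one type throughout.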
@@ -350,6 +350,11 @@ | |
$childValue = (string)$value['@']; | |
unset($value['@']); | |
} | |
+ if (isset($value['!'])) { | |
+ $childValue = (string)$value['!']; | |
+ $isCdata = true; | |
+ unset($value['!']); | |
+ } | |
if (isset($value['xmlns:'])) { | |
$childNS = $value['xmlns:']; | |
unset($value['xmlns:']); | |
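Review bot: the new '!' block runs after the '@' block instead of as an alternative to it, so an array that carries both keys has the '@' value silently overwritten in $childValue and is emitted as CDATA. Make the second test an elseif, or throw when both keys are set, and document the '!' key wherever '@' is documented.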
@@ -360,7 +365,11 @@ | |
$child = $dom->createElement($key); | |
if ($childValue !== null) { | |
- $child->appendChild($dom->createTextNode($childValue)); | |
+ if (!$isCdata) { | |
+ $child->appendChild($dom->createTextNode($childValue)); | |
+ } else { | |
+ $child->appendChild($dom->createCDATASection($childValue)); | |
+ } | |
} | |
if ($childNS) { | |
$child->setAttribute('xmlns', $childNS); |
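Review bot: the CDATA branch passes $childValue to createCDATASection() with no handling visible in this hunk for a value that contains the sequence ]]>, the one thing a CDATA section cannot hold literally. Add a test case with that input and confirm the serialized document parses back to the same string. As a smaller style point, if ($isCdata) { ... } else { ... } would read more directly than the negated condition.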
I understand, but I'm not sure if I could work it into the code correctly :)
As far as safety is concerned, the current implementation in the core should be fine, special characters should automatically be entity encoded. Do you possibly have a specific use case where invalid characters slip through?
You're right, HTML characters are converted into entities... The question is if it's OK, if I wanted to import this data from XML into the database, I already have them changed as entities. It's not the kind of HTML I'd like to have stored in the database. Therefore, if it is in CDATA, it can contain all HTML without entities.
An XML processor must expand entities and character references, meaning when reading the XML document and extracting data from it, you should get back the original plain text.
Thanks for the explanation, so it's correct.
I'm not sure what this Gist was for, probably just an example, it shouldn't go into the core as-is! In case that was your question? It would need proper handling in _fromArray() as well as in _createChild().
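The round trip discussed in the replies above, as an added PHP example (not code from the gist or the core): the same constructed HTML string is written once as a text node and once as a CDATA section, then read back with a parser and, for contrast, cut out of the raw XML with a regex. The function names writeBody() and readBody(), the body element and the sample string are assumptions made for the illustration.

```php
<?php
// Constructed sample: the kind of HTML fragment an importer wants back unchanged.
$html = '<p>Tom & Jerry: <b>5 > 3</b></p>';

/** Hypothetical helper: wrap $value in <body>, as a text node or a CDATA section. */
function writeBody(string $value, bool $asCdata): string
{
    $dom = new DOMDocument('1.0', 'UTF-8');
    $child = $dom->createElement('body');
    $node = $asCdata
        ? $dom->createCDATASection($value)   // markup characters stay literal
        : $dom->createTextNode($value);      // markup characters become entities
    $child->appendChild($node);
    $dom->appendChild($child);

    return $dom->saveXML();
}

/** Hypothetical helper: parse $xml and return the root element's text. */
function readBody(string $xml): string
{
    $dom = new DOMDocument();
    if (!$dom->loadXML($xml)) {
        throw new RuntimeException('Document is not well-formed XML');
    }

    // The parser expands entities and unwraps CDATA before handing text back.
    return $dom->documentElement->textContent;
}

$asText = writeBody($html, false);
$asCdata = writeBody($html, true);

// The two serializations look different on the wire...
echo $asText, $asCdata;

// ...but a parser returns the original string from either one.
var_dump(readBody($asText) === $html);
var_dump(readBody($asCdata) === $html);

// Cutting the element out of the raw string skips entity expansion, which is
// how entity-encoded HTML ends up stored in a database.
preg_match('~<body>(.*)</body>~s', $asText, $match);
var_dump($match[1] === $html);
```

Only the regex path hands back entity-encoded text. An importer that reads values through the DOM stores the same HTML whichever form the producer chose.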