From e0d34d59ae836b7ff75fb7cbf5b45b710a5a075e Mon Sep 17 00:00:00 2001 From: Tim Otten Date: Thu, 7 May 2015 17:44:59 -0700 Subject: [PATCH] CRM-16360 - CiviCase XML - Escape ampersand --- CRM/Case/BAO/CaseType.php | 25 +++++++++++++++---- tests/phpunit/CRM/Case/BAO/CaseTypeTest.php | 2 +- .../CRM/Case/BAO/xml/one-item-in-each.xml | 2 +- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/CRM/Case/BAO/CaseType.php b/CRM/Case/BAO/CaseType.php index 00fa4f2fd5..cc512a2a6d 100644 --- a/CRM/Case/BAO/CaseType.php +++ b/CRM/Case/BAO/CaseType.php @@ -115,7 +115,7 @@ class CRM_Case_BAO_CaseType extends CRM_Case_DAO_CaseType { */ public static function convertDefinitionToXML($name, $definition) { $xmlFile = '' . "\n\n\n"; - $xmlFile .= "{$name}\n"; + $xmlFile .= "" . self::encodeXmlString($name) . "\n"; if (array_key_exists('forkable', $definition)) { $xmlFile .= "" . ((int) $definition['forkable']) . "\n"; @@ -126,7 +126,7 @@ class CRM_Case_BAO_CaseType extends CRM_Case_DAO_CaseType { foreach ($definition['activityTypes'] as $values) { $xmlFile .= "\n"; foreach ($values as $key => $value) { - $xmlFile .= "<{$key}>{$value}\n"; + $xmlFile .= "<{$key}>" . self::encodeXmlString($value) . "\n"; } $xmlFile .= "\n"; } @@ -145,7 +145,7 @@ class CRM_Case_BAO_CaseType extends CRM_Case_DAO_CaseType { foreach ($setVal as $values) { $xmlFile .= "\n"; foreach ($values as $key => $value) { - $xmlFile .= "<{$key}>{$value}\n"; + $xmlFile .= "<{$key}>" . self::encodeXmlString($value) . "\n"; } $xmlFile .= "\n"; } @@ -161,7 +161,7 @@ class CRM_Case_BAO_CaseType extends CRM_Case_DAO_CaseType { break; default: - $xmlFile .= "<{$index}>{$setVal}\n"; + $xmlFile .= "<{$index}>" . self::encodeXmlString($setVal) . "\n"; } } 
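Review bot: The element names in `"<{$key}>"` (the activityTypes and activitySets loops) and `"<{$index}>"` (the `default:` branch) are still interpolated raw, so `encodeXmlString()` protects only the text content. A key containing `>`, whitespace or `&` would yield malformed or restructured XML, and escaping is the wrong tool for names, which need validating instead. If `$definition` can carry caller-supplied keys (the test fixture builds it from JSON), check each name before use, for example with `preg_match('/^[A-Za-z_][A-Za-z0-9_.-]*$/', $key)`, and reject the definition when it fails. The same applies to the caseRoles hunk at `@@ -176`; `convertDefinitionToXML()` begins and ends outside these hunks.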
@@ -176,7 +176,7 @@ class CRM_Case_BAO_CaseType extends CRM_Case_DAO_CaseType { foreach ($definition['caseRoles'] as $values) { $xmlFile .= "\n"; foreach ($values as $key => $value) { - $xmlFile .= "<{$key}>{$value}\n"; + $xmlFile .= "<{$key}>" . self::encodeXmlString($value) . "\n"; } $xmlFile .= "\n"; } @@ -187,6 +187,21 @@ class CRM_Case_BAO_CaseType extends CRM_Case_DAO_CaseType { return $xmlFile; } + /** + * Ugh. This shouldn't exist. Use a real XML-encoder. + * + * Escape a string for use in XML. + * + * @param string $str + * A string which should outputted to XML. + * @return string + * @deprecated + */ + protected static function encodeXmlString($str) { + // PHP 5.4: return htmlspecialchars($str, ENT_XML1, 'UTF-8') + return htmlspecialchars($str); + } + /** * Get the case definition either from db or read from xml file. * diff --git a/tests/phpunit/CRM/Case/BAO/CaseTypeTest.php b/tests/phpunit/CRM/Case/BAO/CaseTypeTest.php index a982911e2e..646312b54b 100644 --- a/tests/phpunit/CRM/Case/BAO/CaseTypeTest.php +++ b/tests/phpunit/CRM/Case/BAO/CaseTypeTest.php @@ -30,7 +30,7 @@ class CRM_Case_BAO_CaseTypeTest extends CiviUnitTestCase { $fixtures['one-item-in-each'] = array( 'json' => json_encode(array( 'activityTypes' => array( - array('name' => 'First act (foréign éxamplé)'), + array('name' => 'First act (foréign éxamplé, &c)'), ), 'activitySets' => array( array( diff --git a/tests/phpunit/CRM/Case/BAO/xml/one-item-in-each.xml b/tests/phpunit/CRM/Case/BAO/xml/one-item-in-each.xml index d5c9dbec81..2445273761 100644 --- a/tests/phpunit/CRM/Case/BAO/xml/one-item-in-each.xml +++ b/tests/phpunit/CRM/Case/BAO/xml/one-item-in-each.xml @@ -3,7 +3,7 @@ Housing Support - First act (foréign éxamplé) + First act (foréign éxamplé, &c) -- 2.25.1
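Review bot: `htmlspecialchars($str)` in the new `encodeXmlString()` relies on PHP's default flags and charset, which differ between PHP versions, so the escaping applied to case-type XML depends on the runtime. Where the charset is UTF-8, an input containing an invalid byte sequence makes the call return an empty string, which silently drops the value from the generated XML. Passing the arguments explicitly, `return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');`, pins the behaviour on PHP 5.3 as well, and the empty-result case should be detected (or `ENT_SUBSTITUTE` added once PHP 5.4 is the minimum). The docblock line would read better as `A string which should be output to XML.`, and `@deprecated` on a newly added helper should name the intended replacement.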
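Review bot: The fixture change in `CaseTypeTest.php` exercises only `&`, and only in an activity type name, so the other characters `encodeXmlString()` is meant to handle and the other call sites (case name, activity sets, case roles) remain untested. Extending the sample string, e.g. `'First act (foréign éxamplé, &c <d> "e")'`, and putting a special character into a case role name would cover `<`, `>` and `"` as well. The expected XML fixture would need the matching entities; the fixtures array starts and ends outside the hunk.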