From 0a7c265ecd702e1b85a7ebc83533a68880394379 Mon Sep 17 00:00:00 2001
From: konrad
Date: Sat, 29 Nov 2008 11:32:16 +0000
Subject: [PATCH] fix: PHP DOM does not automatically replace ampersand, wrapped all calls to createElement in xq new function: xq replaces special characters for transport in XML
git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@201 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33
---
 www/inc/classes/customer.php | 6 +++---
 www/inc/classes/event.php | 10 +++++-----
 www/inc/classes/order.php | 8 ++++----
 www/inc/classes/room.php | 2 +-
 www/inc/machine/session.php | 4 ++--
 www/inc/tr.php | 4 ++++
 6 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/www/inc/classes/customer.php b/www/inc/classes/customer.php
index 16cf55b..f7bf04d 100644
--- a/www/inc/classes/customer.php
+++ b/www/inc/classes/customer.php
@@ -245,9 +245,9 @@ function getCustomerXml($cid)
 $cs=$xml->createElement("Customer");
 $cs->setAttribute("id",$res[0]["customerid"]);
 $cs->setAttribute("name",$res[0]["name"]);
- $cs->appendChild($xml->createElement("Address",$res[0]["address"]));
- $cs->appendChild($xml->createElement("Contact",$res[0]["contact"]));
- $cs->appendChild($xml->createElement("Comment",$res[0]["comments"]));
+ $cs->appendChild($xml->createElement("Address",xq($res[0]["address"])));
+ $cs->appendChild($xml->createElement("Contact",xq($res[0]["contact"])));
+ $cs->appendChild($xml->createElement("Comment",xq($res[0]["comments"])));
 $res=$db->select("webuser","email","customerid=".$db->escapeInt($cid));
 if(count($res)>0)
 $cs->setAttribute("mail",$res[0]["email"]);
diff --git a/www/inc/classes/event.php b/www/inc/classes/event.php
index 31059ae..d441ed0 100644
--- a/www/inc/classes/event.php
+++ b/www/inc/classes/event.php
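Review bot: In getCustomerXml (customer.php, the `Address`/`Contact`/`Comment` lines) correct escaping now depends on every caller remembering to wrap the value in `xq()`, which is easy to miss on the next `createElement` call someone adds. `DOMDocument::createTextNode()` escapes its argument itself, so `$cs->appendChild($xml->createElement("Address"))->appendChild($xml->createTextNode($res[0]["address"]));` produces the same output without a separate escaping step. A small helper taking the document, element name and text would keep the call sites short. The same pattern recurs in the event.php, order.php, room.php and session.php hunks; getCustomerXml itself starts and ends outside this hunk.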
@@ -43,7 +43,7 @@ function getAllEventsXml()
 $root=$xml->createElement("EventList");
 if(count($all)>0)
 foreach($all as $k => $ev){
- $nod=$xml->createElement("Event",$ev["title"]);
+ $nod=$xml->createElement("Event",xq($ev["title"]));
 //set direct attributes
 $nod->setAttribute("id",$ev["eventid"]);
 $nod->setAttribute("start",$ev["starttime"]);
@@ -199,12 +199,12 @@ function getEventsXml($evts)
 $nod->setAttribute("capacity",$ev->getCapacity());
 $nod->setAttribute("defaultprice",$ev->getDefaultPrice());
 $nod->setAttribute("cancelled",$ev->isCancelled()?"true":"false");
- $nod->appendChild($xml->createElement("Title",$ev->getTitle()));
- $nod->appendChild($xml->createElement("Artist",$ev->getArtist()));
+ $nod->appendChild($xml->createElement("Title",xq($ev->getTitle())));
+ $nod->appendChild($xml->createElement("Artist",xq($ev->getArtist())));
 $nod->appendChild($xml->createElement("Room",$ev->getRoomId()));
- $nod->appendChild($xml->createElement("Description",$ev->getDescription()));
+ $nod->appendChild($xml->createElement("Description",xq($ev->getDescription())));
 if($ev->isCancelled())
- $nod->appendChild($xml->createElement("CancelReason",$ev->getCancelReason()));
+ $nod->appendChild($xml->createElement("CancelReason",xq($ev->getCancelReason())));
 $root->appendChild($nod);
 }
 $xml->appendChild($root);
diff --git a/www/inc/classes/order.php b/www/inc/classes/order.php
index e5340b3..7377551 100644
--- a/www/inc/classes/order.php
+++ b/www/inc/classes/order.php
@@ -456,8 +456,8 @@ class Order
 //add other data and dump XML
 if($dumpxml){
- $ord->appendChild($xml->createElement("DeliveryAddress",$this->deliveryaddress));
- $ord->appendChild($xml->createElement("Comment",$this->comment));
+ $ord->appendChild($xml->createElement("DeliveryAddress",xq($this->deliveryaddress)));
+ $ord->appendChild($xml->createElement("Comment",xq($this->comment)));
 $ord->setAttribute("status",$ostat);
 $ord->setAttribute("totalprice",$totalprice);
 $xml->appendChild($ord);
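Review bot: In the getEventsXml hunk of event.php, `$xml->createElement("Room",$ev->getRoomId())` is still passed unescaped, while the surrounding `Title`, `Artist` and `Description` values are now wrapped. If room IDs are free-form strings rather than integers (the page does not show the schema), an `&` in one would hit the same problem this commit fixes. The line would become `$nod->appendChild($xml->createElement("Room",xq($ev->getRoomId())));`. The same applies to `$xml->createElement("ID",$rm["roomid"])` in the getRoomsXml hunk of room.php; both functions continue outside their hunks.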
@@ -550,8 +550,8 @@ class Order
 $doc->setAttribute("totalprice",$totalprice);
 //add static fields
- $doc->appendChild($xml->createElement("DeliveryAddress",$this->deliveryaddress));
- $doc->appendChild($xml->createElement("Comment",$this->comment));
+ $doc->appendChild($xml->createElement("DeliveryAddress",xq($this->deliveryaddress)));
+ $doc->appendChild($xml->createElement("Comment",xq($this->comment)));
 //dump
 $xml->appendChild($doc);
diff --git a/www/inc/classes/room.php b/www/inc/classes/room.php
index 40daa21..aa178c1 100644
--- a/www/inc/classes/room.php
+++ b/www/inc/classes/room.php
@@ -33,7 +33,7 @@ function getRoomsXml($xmldata)
 $room->setAttribute("capacity",$rm["capacity"]);
 $id=$xml->createElement("ID",$rm["roomid"]);
 $room->appendChild($id);
- $des=$xml->createElement("Description",$rm["description"]);
+ $des=$xml->createElement("Description",xq($rm["description"]));
 $room->appendChild($des);
 $root->appendChild($room);
 }
diff --git a/www/inc/machine/session.php b/www/inc/machine/session.php
index f9be6ca..94f96a9 100644
--- a/www/inc/machine/session.php
+++ b/www/inc/machine/session.php
@@ -277,7 +277,7 @@ function getAllUsersXml()
 $dom=new DomDocument;
 $root=$dom->createElement("Users");
 for($i=0;$icreateElement("User",$res[$i]["description"]);
+ $usr=$dom->createElement("User",xq($res[$i]["description"]));
 $usr->setAttributeNode(new DOMAttr("name",$res[$i]["uname"]));
 $root->appendChild($usr);
 }
@@ -501,7 +501,7 @@ function addUserXml($txt)
 //create new
 $db->insert("users",array("uname"=>$usr[$i]["name"],"description"=>$usr[$i]["descr"],"passwd"=>$usr[$i]["passwd"]));
 //print data
- $udm=$dom->createElement("User",$usr[$i]["descr"]);
+ $udm=$dom->createElement("User",xq($usr[$i]["descr"]));
 $udm->setAttributeNode(new DOMAttr("name",$usr[$i]["name"]));
 $root->appendChild($udm);
 }
diff --git a/www/inc/tr.php b/www/inc/tr.php
index cc67ef0..92dbaf7 100644
--- a/www/inc/tr.php
+++ b/www/inc/tr.php
@@ -18,4 +18,8 @@ function tr($str,$comment=""){return $str;}
 /** translate() also takes a context*/
 function translate($context,$str,$comment=""){return $str;}
+
+/**XML translation: & -> &, < -> < etc.pp.*/
+function xq($str){return htmlspecialchars($str,ENT_NOQUOTES,"UTF-8");}
+
 ?>
\ No newline at end of file
-- 1.7.2.5
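Review bot: `xq()` in tr.php returns an empty string when `$str` contains a byte sequence that is not valid UTF-8, because `htmlspecialchars()` rejects the whole input in that case. A customer address or order comment with a single bad byte would then be sent as an empty element with no error. On PHP 5.4 or later, `htmlspecialchars($str,ENT_NOQUOTES|ENT_SUBSTITUTE,"UTF-8")` keeps the rest of the text; on older versions the function would need to detect an empty result from non-empty input and report it. The doc comment could also state the contract, for example `/** Escapes &, < and > for use as DOM element content; quotes are left as-is, so not for hand-built attribute strings. Expects UTF-8. */`.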