Bugfix for addChild values with "special chars".

ddebin · ddebin · commit 6effff73822d · 2021-10-07T11:25:41.000+02:00
diff --git a/src/AbstractElement.php b/src/AbstractElement.php
@@ -141,7 +141,7 @@ public function addContributor(string $name, ?string $email = null, ?string $uri
 
     public function addChildrenTo(SimpleXMLElement $parent): void
     {
-        $parent->addChild('id', $this->id);
+        $parent->addChild('id', htmlspecialchars($this->id));
 
         self::addChildWithTypeToElement($parent, 'title', $this->title, $this->titleType);
 
@@ -170,7 +170,7 @@ public function addChildrenTo(SimpleXMLElement $parent): void
             foreach ($elements as $element) {
                 $child = $parent->addChild($type);
                 foreach ($element as $name => $attribute) {
-                    $child->addChild($name, $attribute);
+                    $child->addChild($name, htmlspecialchars($attribute));
                 }
             }
         }
@@ -205,7 +205,7 @@ protected static function addChildWithTypeToElement(SimpleXMLElement $parent, st
                 $element = $parent->addChild($name);
                 self::addCData($data, $element);
             } else {
-                $element = $parent->addChild($name, $data);
+                $element = $parent->addChild($name, htmlspecialchars($data));
             }
         } else {
             $element = $parent->addChild($name);
diff --git a/src/Feed.php b/src/Feed.php
@@ -135,19 +135,19 @@ public function addChildrenTo(SimpleXMLElement $parent): void
         parent::addChildrenTo($parent);
 
         if (null !== $this->subtitle) {
-            $parent->addChild('subtitle', $this->subtitle);
+            $parent->addChild('subtitle', htmlspecialchars($this->subtitle));
         }
 
         if (null !== $this->logo) {
-            $parent->addChild('logo', $this->logo);
+            $parent->addChild('logo', htmlspecialchars($this->logo));
         }
 
         if (null !== $this->icon) {
-            $parent->addChild('icon', $this->icon);
+            $parent->addChild('icon', htmlspecialchars($this->icon));
         }
 
         if (null !== $this->generator) {
-            $generator = $parent->addChild('generator', $this->generator);
+            $generator = $parent->addChild('generator', htmlspecialchars($this->generator));
             if (null !== $this->generatorVersion) {
                 $generator->addAttribute('version', $this->generatorVersion);
             }
@@ -157,7 +157,7 @@ public function addChildrenTo(SimpleXMLElement $parent): void
         }
 
         foreach ($this->customElements as $customElement) {
-            $element = $parent->addChild($customElement['name'], $customElement['value'], $customElement['uri']);
+            $element = $parent->addChild($customElement['name'], htmlspecialchars($customElement['value']), $customElement['uri']);
             foreach ($customElement['attributes'] as $name => $value) {
                 $element->addAttribute($name, $value);
             }
@@ -180,7 +180,7 @@ public function getSimpleXML(): SimpleXMLElement
 
         $attributesString = '';
         foreach ($attributes as $name => $attribute) {
-            $attributesString .= " {$name}=\"{$attribute}\"";
+            $attributesString .= ' '.$name.'="'.htmlspecialchars($attribute).'"';
         }
 
         $xml = new SimpleXMLElement('<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom"'.$attributesString.' />');
diff --git a/tests/FeedTest.php b/tests/FeedTest.php
@@ -26,18 +26,18 @@ public function testFeedCreation1(): void
     {
         $feed = new Feed();
         $feed->setTitle('title');
-        $feed->addAuthor('author', 'author@test.com', 'http://test.com/author');
-        $feed->addAuthor('author', 'author@test.com', 'http://test.com/author');
+        $feed->addAuthor('author', 'author@test.com', 'http://test.com/author?a=b&c=d');
+        $feed->addAuthor('author', 'author@test.com', 'http://test.com/author?a=b&c=d');
         $feed->setRights('©2019');
-        $feed->addLink('http://test.com/link', 'via', 'text/html');
+        $feed->addLink('http://test.com/link?a=b&c=d', 'via', 'text/html');
         $feed->addCategory('term', 'http://scheme.com', 'label');
         $feed->setId('tag:test');
         $feed->setLanguage('en');
-        $feed->setIconUri('http://test.com/icon');
-        $feed->setLogoUri('http://test.com/logo');
-        $feed->setSubtitle('subtitle');
-        $feed->setGenerator('generator', 'http://test.com/generator', 'version');
-        $feed->addContributor('contributor', 'contributor@test.com', 'http://test.com/contributor');
+        $feed->setIconUri('http://test.com/icon?a=b&c=d');
+        $feed->setLogoUri('http://test.com/logo?a=b&c=d');
+        $feed->setSubtitle('subtitle & co');
+        $feed->setGenerator('generator', 'http://test.com/generator?a=b&c=d', 'version');
+        $feed->addContributor('contributor', 'contributor@test.com', 'http://test.com/contributor?a=b&c=d');
         $feed->setUpdatedDateTime(new DateTime('2019-05-04T20:00:40Z'));
         $feed->addCustomElement('sy', 'http://purl.org/rss/1.0/modules/syndication', 'updatePeriod', 'hourly');
         $feed->addCustomElement('sy', 'http://purl.org/rss/1.0/modules/syndication', 'updateFrequency', 10);
@@ -136,19 +136,19 @@ public function testFeedCreation4(): void
     {
         $sourceFeed = new Feed();
         $sourceFeed->setTitle('source title');
-        $sourceFeed->setId('tag:source');
+        $sourceFeed->setId('https://test.com/source?a=b&c=d');
         $sourceFeed->setUpdatedDateTime(new DateTime('2019-03-04T20:00:40Z'));
 
         $feed = new Feed();
         $feed->setTitle('title');
-        $feed->setId('tag:test');
+        $feed->setId('https://test.com/feed?a=b&c=d');
         $feed->setUpdatedDateTime(new DateTime('2019-05-04T20:00:40Z'));
 
         $entry = new Entry();
         $entry->setTitle('entry title', 'html');
-        $entry->setId('tag:entry-test');
+        $entry->setId('https://test.com/entry?a=b&c=d');
         $entry->setContent(null);
-        $entry->addLink('http://alternate.com', 'alternate');
+        $entry->addLink('http://alternate.com?a=b&c=d', 'alternate');
         $entry->setUpdatedDateTime(new DateTime('2019-05-04T21:00:40Z'));
         $entry->setSource($sourceFeed);
 
diff --git a/tests/feed_1.xml b/tests/feed_1.xml
@@ -5,26 +5,26 @@
   <updated>2019-05-04T20:00:40+00:00</updated>
   <rights>©2019</rights>
   <category term="term" scheme="http://scheme.com" label="label"/>
-  <link href="http://test.com/link" rel="via" type="text/html"/>
+  <link href="http://test.com/link?a=b&amp;c=d" rel="via" type="text/html"/>
   <author>
     <name>author</name>
     <email>author@test.com</email>
-    <uri>http://test.com/author</uri>
+    <uri>http://test.com/author?a=b&amp;c=d</uri>
   </author>
   <author>
     <name>author</name>
     <email>author@test.com</email>
-    <uri>http://test.com/author</uri>
+    <uri>http://test.com/author?a=b&amp;c=d</uri>
   </author>
   <contributor>
     <name>contributor</name>
     <email>contributor@test.com</email>
-    <uri>http://test.com/contributor</uri>
+    <uri>http://test.com/contributor?a=b&amp;c=d</uri>
   </contributor>
-  <subtitle>subtitle</subtitle>
-  <logo>http://test.com/logo</logo>
-  <icon>http://test.com/icon</icon>
-  <generator version="version" uri="http://test.com/generator">generator</generator>
+  <subtitle>subtitle &amp; co</subtitle>
+  <logo>http://test.com/logo?a=b&amp;c=d</logo>
+  <icon>http://test.com/icon?a=b&amp;c=d</icon>
+  <generator version="version" uri="http://test.com/generator?a=b&amp;c=d">generator</generator>
   <sy:updatePeriod>hourly</sy:updatePeriod>
   <sy:updateFrequency>10</sy:updateFrequency>
   <entry>
diff --git a/tests/feed_4.xml b/tests/feed_4.xml
@@ -1,15 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <feed xmlns="http://www.w3.org/2005/Atom">
-  <id>tag:test</id>
+  <id>https://test.com/feed?a=b&amp;c=d</id>
   <title>title</title>
   <updated>2019-05-04T20:00:40+00:00</updated>
   <entry>
-    <id>tag:entry-test</id>
+    <id>https://test.com/entry?a=b&amp;c=d</id>
     <title type="html"><![CDATA[entry title]]></title>
     <updated>2019-05-04T21:00:40+00:00</updated>
-    <link href="http://alternate.com" rel="alternate"/>
+    <link href="http://alternate.com?a=b&amp;c=d" rel="alternate"/>
     <source>
-      <id>tag:source</id>
+      <id>https://test.com/source?a=b&amp;c=d</id>
       <title>source title</title>
       <updated>2019-03-04T20:00:40+00:00</updated>
     </source>

Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,7 @@ public function addContributor(string $name, ?string $email = null, ?string $uri`
`141`	`141`
`142`	`142`	`public function addChildrenTo(SimpleXMLElement $parent): void`
`143`	`143`	`{`
`144`		`- $parent->addChild('id', $this->id);`
	`144`	`+ $parent->addChild('id', htmlspecialchars($this->id));`
`145`	`145`
`146`	`146`	`self::addChildWithTypeToElement($parent, 'title', $this->title, $this->titleType);`
`147`	`147`
`@@ -170,7 +170,7 @@ public function addChildrenTo(SimpleXMLElement $parent): void`
`170`	`170`	`foreach ($elements as $element) {`
`171`	`171`	`$child = $parent->addChild($type);`
`172`	`172`	`foreach ($element as $name => $attribute) {`
`173`		`- $child->addChild($name, $attribute);`
	`173`	`+ $child->addChild($name, htmlspecialchars($attribute));`
`174`	`174`	`}`
`175`	`175`	`}`
`176`	`176`	`}`
`@@ -205,7 +205,7 @@ protected static function addChildWithTypeToElement(SimpleXMLElement $parent, st`
`205`	`205`	`$element = $parent->addChild($name);`
`206`	`206`	`self::addCData($data, $element);`
`207`	`207`	`} else {`
`208`		`- $element = $parent->addChild($name, $data);`
	`208`	`+ $element = $parent->addChild($name, htmlspecialchars($data));`
`209`	`209`	`}`
`210`	`210`	`} else {`
`211`	`211`	`$element = $parent->addChild($name);`
Original file line number	Diff line number	Diff line change
`@@ -135,19 +135,19 @@ public function addChildrenTo(SimpleXMLElement $parent): void`
`135`	`135`	`parent::addChildrenTo($parent);`
`136`	`136`
`137`	`137`	`if (null !== $this->subtitle) {`
`138`		`- $parent->addChild('subtitle', $this->subtitle);`
	`138`	`+ $parent->addChild('subtitle', htmlspecialchars($this->subtitle));`
`139`	`139`	`}`
`140`	`140`
`141`	`141`	`if (null !== $this->logo) {`
`142`		`- $parent->addChild('logo', $this->logo);`
	`142`	`+ $parent->addChild('logo', htmlspecialchars($this->logo));`
`143`	`143`	`}`
`144`	`144`
`145`	`145`	`if (null !== $this->icon) {`
`146`		`- $parent->addChild('icon', $this->icon);`
	`146`	`+ $parent->addChild('icon', htmlspecialchars($this->icon));`
`147`	`147`	`}`
`148`	`148`
`149`	`149`	`if (null !== $this->generator) {`
`150`		`- $generator = $parent->addChild('generator', $this->generator);`
	`150`	`+ $generator = $parent->addChild('generator', htmlspecialchars($this->generator));`
`151`	`151`	`if (null !== $this->generatorVersion) {`
`152`	`152`	`$generator->addAttribute('version', $this->generatorVersion);`
`153`	`153`	`}`
`@@ -157,7 +157,7 @@ public function addChildrenTo(SimpleXMLElement $parent): void`
`157`	`157`	`}`
`158`	`158`
`159`	`159`	`foreach ($this->customElements as $customElement) {`
`160`		`- $element = $parent->addChild($customElement['name'], $customElement['value'], $customElement['uri']);`
	`160`	`+ $element = $parent->addChild($customElement['name'], htmlspecialchars($customElement['value']), $customElement['uri']);`
`161`	`161`	`foreach ($customElement['attributes'] as $name => $value) {`
`162`	`162`	`$element->addAttribute($name, $value);`
`163`	`163`	`}`
`@@ -180,7 +180,7 @@ public function getSimpleXML(): SimpleXMLElement`
`180`	`180`
`181`	`181`	`$attributesString = '';`
`182`	`182`	`foreach ($attributes as $name => $attribute) {`
`183`		`- $attributesString .= " {$name}=\"{$attribute}\"";`
	`183`	`+ $attributesString .= ' '.$name.'="'.htmlspecialchars($attribute).'"';`
`184`	`184`	`}`
`185`	`185`
`186`	`186`	`$xml = new SimpleXMLElement('<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom"'.$attributesString.' />');`