-rw-r--r-- | it_xml.class | 3 | ||||
-rwxr-xr-x | tests/it_xml.t | 7 |
2 files changed, 10 insertions, 0 deletions
diff --git a/it_xml.class b/it_xml.class index 654042b..6013b52 100644 --- a/it_xml.class +++ b/it_xml.class @@ -88,6 +88,9 @@ function from_xml($xmldata, $p) if (!preg_match('/^(<\?xml|\xEF\xBB\xBF|\xFE\xFF|\xFF\xFE|\x00\x00\xFE\xFF|\x00\x00\xFF\xFE)/', $xmldata)) $xmldata = '<?xml version="1.0" encoding="' . $this->_p['encoding'] . '"?>' . $xmldata; + # decode illegal entities but protect semantically important ones + $xmldata = html_entity_decode(preg_replace('/&(amp|lt|gt|#38|#60|#62|#x26|#x3C|#3E);/i', '&$1;', $xmldata)); + $result = xml_parse($parser, $xmldata); } diff --git a/tests/it_xml.t b/tests/it_xml.t index 7e555bd..a0922c5 100755 --- a/tests/it_xml.t +++ b/tests/it_xml.t @@ -46,6 +46,13 @@ match( 'Character data with entities' ); +match( + '<foo>&<>&<>&<> ü</foo>', + 'foo Object ( [val] => &<>&<>&<> ü ) ', + 'Predecode illegal entities', +); + + # Test inheritance class my_xml extends it_xml { |
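Review bot: The protect list in the added `preg_replace` is incomplete, so `html_entity_decode` can turn escaped text into live markup before `xml_parse` sees it. `#3E` looks like a typo for `#x3E`, zero-padded references such as `&#060;` or `&#x003C;` are not matched, and `&quot;` is not protected at all, so it would be decoded inside attribute values and a well-formed document from an untrusted feed can stop parsing or change structure. A wider pattern would be `'/&(amp|lt|gt|quot|apos|#0*(?:34|38|39|60|62)|#x0*(?:22|26|27|3C|3E));/i'`. The replacement is shown on this page as `'&$1;'`, which would be a no-op; presumably the rendering dropped an escaped ampersand, which is worth confirming in the file. The body of from_xml starts and ends outside the hunk.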
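Review bot: The new `match()` case exercises element content only, so it still passes when a protected reference is decoded to a literal `>` and it would not catch gaps in the protect list. A second case with an attribute value and zero-padded references, for example the input `'<foo bar="a &quot;b&quot;">&#060;x&#062;</foo>'`, would pin that escaped quotes and brackets survive the predecode step as text. The input string shown here appears to have had its entities decoded by the page rendering, so the exact references under test should be read from the file.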