Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#4353] - SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference

? Success
Referenced as Related to: # 4349 Duplicate of: # 4352

User tests: Successful: Unsuccessful:

avatar JamesShaver
JamesShaver
25 Sep 2014

Steps to reproduce the issue

Create a user custom profile with a country list and a properly escaped ampersand (Issue tracker may replace my escaped ampersand as non-escaped):
name="country"
type="list"
default=""
label="PLG_USER_PROFILE_FIELD_COUNTRY_LABEL"
description="PLG_USER_PROFILE_FIELD_COUNTRY_DESC">
United States
Antigua & Barbuda
...
Bosnia & Herzegovina
...
Trinidad & Tobago

Expected result

Simple list of countries in the profile

Actual result

Warning: SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference Barbuda in /home/website/public_html/joomla/libraries/joomla/form/form.php on line 2119
Warning: SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference Herzegovina in /home/website/public_html/joomla/libraries/joomla/form/form.php on line 2119
Warning: SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference Tobago in /home/website/public_html/joomla/libraries/joomla/form/form.php on line 2119

System information (as much as possible)

PHP Version: 5.4.24
Web Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9
WebServer to PHP Interface: cgi-fcgi
Joomla! Version: Joomla! 3.3.4 Stable [ Ember ] 23-September-2014 14:00 GMT
Joomla! Platform Version: Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0

Additional comments

Solving the problem is simply updating form.php at line 2119:

//$node = $source->addChild($new->getName(), trim($new));
$node = $source->addChild($new->getName(), htmlspecialchars(trim($new)));

Using language files for all of the countries with ampersands also works to solve the issue, however I do not believe this should be the preferred method to fix it.

avatar quasiman quasiman - open - 25 Sep 2014
avatar jissues-bot jissues-bot - change - 25 Sep 2014
Labels Added: ?
avatar jissues-bot jissues-bot - change - 26 Sep 2014
Title
In reference to issue # 4349
SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference
avatar zero-24 zero-24 - change - 26 Sep 2014
Category Libraries
avatar zero-24 zero-24 - change - 26 Sep 2014
The description was changed
Title
In reference to issue # 4349
SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference
avatar Fedik
Fedik - comment - 26 Sep 2014

just fix your XML :wink:

The ampersand character (&) and the left angle bracket (<) must not appear in their literal form

see 2.4 Character Data and Markup

It not a Joomla! bug.

avatar wilsonge
wilsonge - comment - 26 Sep 2014

He does say further up they are properly escaped

avatar Fedik
Fedik - comment - 26 Sep 2014

sorry!
I wrong understand ...

I can reproduce this with next field code (in the profile form):

<field name="test" type="list" label="test">
  <option value="1">United States</option>
  <option value="2">Antigua &amp; Barbuda</option>
  <option value="3">Trinidad &amp; Tobago</option>
  <option value="4">Bosnia &amp; Herzegovina</option>
</field>

and this pull fix the problem

only thing, maybe enough just htmlspecialchars($new), because as I understand trim() was used just for convert SimpleXMLElement to string

avatar zero-24 zero-24 - alter_testresult - 27 Nov 2014 - Fedik: Tested successfully
avatar zero-24 zero-24 - change - 27 Nov 2014
Easy No Yes
avatar Fedik
Fedik - comment - 6 Feb 2015

last week I got similar error with german language, with umlauts,
and I noticed that better use html_entity_decode instead of htmlspecialchars, as it more "XML safe" ... can someone confirm it? 

<field name="test" type="list" label="test">
  <option value="1">Geschäftlich</option>
</field>
avatar hitchblade
hitchblade - comment - 21 Aug 2015

Some text with some fenced code inside.

<field name="test" type="list" label="test">
    <option value="1">United States</option>
    <option value="2">Antigua &amp; Barbuda</option>
    <option value="3">Trinidad &amp; Tobago</option>
    <option value="4">Bosnia &amp; Herzegovina</option>
    <option value="5">Geschäftlich</option>
</field>

I actualy can't open the User Profile Page and there appear some warnings...
After applying the Patch it's working like descriped! Good work!

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4353.

avatar hitchblade hitchblade - test_item - 21 Aug 2015 - Tested successfully
avatar MPompejus
MPompejus - comment - 21 Aug 2015

Tested with & and ü the german umlaut vor ue both worked good after patch.

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4353.

avatar MPompejus
MPompejus - comment - 21 Aug 2015

Tested with & and ü the german umlaut vor ue both worked good after patch.

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4353.

avatar MPompejus MPompejus - test_item - 21 Aug 2015 - Tested successfully
avatar roland-d roland-d - reference | 5eea059 - 21 Aug 15
avatar roland-d roland-d - change - 21 Aug 2015
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2015-08-21 12:31:19
Closed_By roland-d
avatar roland-d roland-d - close - 21 Aug 2015
avatar roland-d roland-d - merge - 21 Aug 2015
avatar roland-d roland-d - close - 21 Aug 2015
avatar roland-d roland-d - change - 21 Aug 2015
Milestone Added:

Add a Comment

Login with GitHub to post a comment