User tests: Successful: Unsuccessful:
Create a user custom profile with a country list and a properly escaped ampersand (Issue tracker may replace my escaped ampersand as non-escaped):
name="country"
type="list"
default=""
label="PLG_USER_PROFILE_FIELD_COUNTRY_LABEL"
description="PLG_USER_PROFILE_FIELD_COUNTRY_DESC">
United States
Antigua & Barbuda
...
Bosnia & Herzegovina
...
Trinidad & Tobago
Simple list of countries in the profile
Warning: SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference Barbuda in /home/website/public_html/joomla/libraries/joomla/form/form.php on line 2119
Warning: SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference Herzegovina in /home/website/public_html/joomla/libraries/joomla/form/form.php on line 2119
Warning: SimpleXMLElement::addChild() [simplexmlelement.addchild]: unterminated entity reference Tobago in /home/website/public_html/joomla/libraries/joomla/form/form.php on line 2119
PHP Version: 5.4.24
Web Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9
WebServer to PHP Interface: cgi-fcgi
Joomla! Version: Joomla! 3.3.4 Stable [ Ember ] 23-September-2014 14:00 GMT
Joomla! Platform Version: Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
Solving the problem is simply updating form.php at line 2119:
//$node = $source->addChild($new->getName(), trim($new));
$node = $source->addChild($new->getName(), htmlspecialchars(trim($new)));
Using language files for all of the countries with ampersands also works to solve the issue, however I do not believe this should be the preferred method to fix it.
Labels |
Added:
?
|
Title |
|
Category | ⇒ | Libraries |
Title |
|
He does say further up they are properly escaped
sorry!
I wrong understand ...
I can reproduce this with next field code (in the profile form):
<field name="test" type="list" label="test">
<option value="1">United States</option>
<option value="2">Antigua & Barbuda</option>
<option value="3">Trinidad & Tobago</option>
<option value="4">Bosnia & Herzegovina</option>
</field>
and this pull fix the problem
only thing, maybe enough just htmlspecialchars($new)
, because as I understand trim()
was used just for convert SimpleXMLElement
to string
Easy | No | ⇒ | Yes |
last week I got similar error with german language, with umlauts,
and I noticed that better use html_entity_decode
instead of htmlspecialchars
, as it more "XML safe" ... can someone confirm it?
<field name="test" type="list" label="test">
<option value="1">Geschäftlich</option>
</field>
Some text with some fenced code
inside.
<field name="test" type="list" label="test">
<option value="1">United States</option>
<option value="2">Antigua & Barbuda</option>
<option value="3">Trinidad & Tobago</option>
<option value="4">Bosnia & Herzegovina</option>
<option value="5">Geschäftlich</option>
</field>
I actualy can't open the User Profile Page and there appear some warnings...
After applying the Patch it's working like descriped! Good work!
Tested with & and ü the german umlaut vor ue both worked good after patch.
Tested with & and ü the german umlaut vor ue both worked good after patch.
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2015-08-21 12:31:19 |
Closed_By | ⇒ | roland-d |
Milestone |
Added: |
just fix your XML
see 2.4 Character Data and Markup
It not a Joomla! bug.