From 6e698a41c5017150623531a9f2d6ec3baceda9c2 Mon Sep 17 00:00:00 2001
From: Robert Kaiser
Date: Sun, 25 Sep 2016 18:48:58 +0200
Subject: [PATCH] adding a value in createElement doesn't care for escaping but createTextNode does, so actually use appendText in appendElement
---
 include/cbsm/util/document.php-class | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/include/cbsm/util/document.php-class b/include/cbsm/util/document.php-class
index fa269ca..6a36dfc 100755
--- a/include/cbsm/util/document.php-class
+++ b/include/cbsm/util/document.php-class
@@ -187,7 +187,10 @@ class ExtendedDocument extends DOMDocument {
 }
 function appendElement($name, $value = '') {
- return $this->appendChild($this->createElement($name, $value));
+ // Adding the $value in createElement does NOT escape it, so use appendText to support that.
+ $aelem = $this->appendChild($this->createElement($name));
+ $aelem->appendText($value);
+ return $aelem;
 }
 function appendElementXML($name, $xmldata) {
 $aelem = $this->appendChild($this->createElement($name));
@@ -270,7 +273,8 @@ class ExtendedDocument extends DOMDocument {
 }
 function createElementLink($target, $value = '') {
- $link = $this->createElement('a', $value);
+ $link = $this->createElement('a');
+ $link->appendText($value);
 $link->setAttribute('href', $target); // XXX: take care of & etc. in links
 return $link;
 }
@@ -499,7 +503,10 @@ class ExtendedElement extends DOMElement {
 // returns the new child
 function appendElement($name, $value = '') {
- return $this->appendChild($this->ownerDocument->createElement($name, $value));
+ // Adding the $value in createElement does NOT escape it, so use appendText to support that.
+ $aelem = $this->appendChild($this->ownerDocument->createElement($name));
+ $aelem->appendText($value);
+ return $aelem;
 }
 function appendElementXML($name, $xmldata) {
 $aelem = $this->appendChild($this->ownerDocument->createElement($name));
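Review bot: `appendText($value)` is now called even when `$value` is the default `''`, in `ExtendedDocument::appendElement` here and in the identical rewrites of `ExtendedElement::appendElement` and `ExtendedDocumentFragment::appendElement` further down. `appendText` is not shown in this patch; if it creates a text node unconditionally, an element that used to serialize as self-closing from `saveXML()` would now get an explicit end tag, which matters for void elements in XHTML output. Guarding the call with `if ($value !== '' && $value !== null) { $aelem->appendText($value); }` keeps the escaping fix for real content and leaves empty elements unchanged. The class body continues outside the hunk.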
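Review bot: `$target` still goes into `href` unchecked in `createElementLink`; the patch makes the link text safe, but the attribute line keeps its old `XXX` note. As far as I know, `setAttribute` stores the raw string and the serializer escapes `&`, `<` and `"` on output, so the remaining gap is more likely the URL scheme than entity escaping: a `javascript:` or `data:` target would be emitted as a working link. Whether any caller passes user-influenced targets is not visible from this hunk; if one does, checking the scheme against an allowlist before `setAttribute` would close it. At minimum the comment could become `// setAttribute escapes on output; the URL scheme of $target is NOT validated here`.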
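Review bot: The only documentation on `ExtendedElement::appendElement` is `// returns the new child`, which does not tell a caller that `$value` is now treated as literal text, while the neighbouring `appendElementXML` appears, from its name and `$xmldata` parameter, to take markup. Since the point of the patch is that callers may pass unescaped strings, state that contract above the function, e.g. `// $value is added as a text node (escaped on output); use appendElementXML only for trusted markup`. The same comment fits the `ExtendedDocumentFragment` and `ExtendedDocument` variants. The comment added inside the body describes why the code changed rather than what callers can rely on, so it could be shortened once the function comment exists.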
@@ -663,7 +670,10 @@ class ExtendedDocumentFragment extends DOMDocumentFragment {
 // returns the new child
 function appendElement($name, $value = '') {
- return $this->appendChild($this->ownerDocument->createElement($name, $value));
+ // Adding the $value in createElement does NOT escape it, so use appendText to support that.
+ $aelem = $this->appendChild($this->ownerDocument->createElement($name));
+ $aelem->appendText($value);
+ return $aelem;
 }
 function appendElementXML($name, $xmldata) {
 $aelem = $this->appendChild($this->ownerDocument->createElement($name));
--
2.43.0