adding a value in createElement doesn't care for escaping but createTextNode does...

[php-utility-classes.git] / include / cbsm / util / document.php-class

diff --git a/include/cbsm/util/document.php-class b/include/cbsm/util/document.php-class
index a10041a9dc6c2b2e9cfaeb02b5816978e694f680..6a36dfc704987e24c8bb5ea5bb9b120cd12c0b03 100755 (executable)
--- a/include/cbsm/util/document.php-class
+++ b/include/cbsm/util/document.php-class
@@ -187,7 +187,10 @@ class ExtendedDocument extends DOMDocument {
   }
 
   function appendElement($name, $value = '') {
-    return $this->appendChild($this->createElement($name, $value));
+    // Adding the $value in createElement does NOT escape it, so use appendText to support that.
+    $aelem = $this->appendChild($this->createElement($name));
+    $aelem->appendText($value);
+    return $aelem;
   }
   function appendElementXML($name, $xmldata) {
     $aelem = $this->appendChild($this->createElement($name));
@@ -270,16 +273,17 @@ class ExtendedDocument extends DOMDocument {
   }
 
   function createElementLink($target, $value = '') {
-    $link = $this->createElement('a', $value);
+    $link = $this->createElement('a');
+    $link->appendText($value);
     $link->setAttribute('href', $target); // XXX: take care of & etc. in links
     return $link;
   }
 
   function createElementImage($src, $alt_text = '') {
-    $link = $this->createElement('img');
-    $link->setAttribute('src', $src);
-    $link->setAttribute('alt', $alt_text);
-    return $link;
+    $img = $this->createElement('img');
+    $img->setAttribute('src', $src);
+    $img->setAttribute('alt', $alt_text);
+    return $img;
   }
 
   function createElementForm($action, $method, $name) {
@@ -310,14 +314,14 @@ class ExtendedDocument extends DOMDocument {
   }
 
   function createElementInputPassword($name, $maxlength, $size, $id = null, $value = null) {
-    $txfield = $this->createElement('input');
-    $txfield->setAttribute('type', 'password');
-    if (!is_null($id)) { $txfield->setAttribute('id', $id); }
-    $txfield->setAttribute('name', $name);
-    $txfield->setAttribute('maxlength', $maxlength);
-    $txfield->setAttribute('size', $size);
-    if (!is_null($value)) { $txfield->setAttribute('value', $value); }
-    return $txfield;
+    $pwfield = $this->createElement('input');
+    $pwfield->setAttribute('type', 'password');
+    if (!is_null($id)) { $pwfield->setAttribute('id', $id); }
+    $pwfield->setAttribute('name', $name);
+    $pwfield->setAttribute('maxlength', $maxlength);
+    $pwfield->setAttribute('size', $size);
+    if (!is_null($value)) { $pwfield->setAttribute('value', $value); }
+    return $pwfield;
   }
 
   function createElementInputRadio($name, $id, $value, $checked) {
@@ -499,7 +503,10 @@ class ExtendedElement extends DOMElement {
   //     returns the new child
 
   function appendElement($name, $value = '') {
-    return $this->appendChild($this->ownerDocument->createElement($name, $value));
+    // Adding the $value in createElement does NOT escape it, so use appendText to support that.
+    $aelem = $this->appendChild($this->ownerDocument->createElement($name));
+    $aelem->appendText($value);
+    return $aelem;
   }
   function appendElementXML($name, $xmldata) {
     $aelem = $this->appendChild($this->ownerDocument->createElement($name));
@@ -663,7 +670,10 @@ class ExtendedDocumentFragment extends DOMDocumentFragment {
   //     returns the new child
 
   function appendElement($name, $value = '') {
-    return $this->appendChild($this->ownerDocument->createElement($name, $value));
+    // Adding the $value in createElement does NOT escape it, so use appendText to support that.
+    $aelem = $this->appendChild($this->ownerDocument->createElement($name));
+    $aelem->appendText($value);
+    return $aelem;
   }
   function appendElementXML($name, $xmldata) {
     $aelem = $this->appendChild($this->ownerDocument->createElement($name));