Xml.php: Do not escape double quotes in $contents of Xml::element()

author Fomafix <fomafix@googlemail.com>

Wed, 24 Feb 2016 18:22:43 +0000 (18:22 +0000)

committer Krinkle <krinklemail@gmail.com>

Wed, 23 May 2018 20:03:54 +0000 (20:03 +0000)
author Fomafix <fomafix@googlemail.com>
Wed, 24 Feb 2016 18:22:43 +0000 (18:22 +0000)
committer Krinkle <krinklemail@gmail.com>
Wed, 23 May 2018 20:03:54 +0000 (20:03 +0000)
diff --git a/includes/Xml.php b/includes/Xml.php

index 10d0d8b..4f2720e 100644 (file)
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -49,7 +49,7 @@ class Xml {
                         if ( $allowShortTag && $contents === '' ) {
                                 $out .= ' />';
                         } else {
-                               $out .= '>' . htmlspecialchars( $contents ) . "</$element>";
+                               $out .= '>' . htmlspecialchars( $contents, ENT_NOQUOTES ) . "</$element>";
                         }
                 }
                 return $out;
diff --git a/tests/phpunit/includes/XmlTest.php b/tests/phpunit/includes/XmlTest.php

index e46fc67..4556473 100644 (file)
--- a/tests/phpunit/includes/XmlTest.php
+++ b/tests/phpunit/includes/XmlTest.php
@@ -97,8 +97,8 @@ class XmlTest extends MediaWikiTestCase {
          */
         public function testElementEscaping() {
                 $this->assertEquals(
-                       '<element>hello &lt;there&gt; you &amp; you</element>',
-                       Xml::element( 'element', null, 'hello <there> you & you' ),
+                       '<element>"hello &lt;there&gt; your\'s &amp; you"</element>',
+                       Xml::element( 'element', null, '"hello <there> your\'s & you"' ),
                         'Element with no attributes and content that needs escaping'
                 );
         }
diff --git a/tests/phpunit/includes/api/format/ApiFormatXmlTest.php b/tests/phpunit/includes/api/format/ApiFormatXmlTest.php

index 915fb5c..4438332 100644 (file)
--- a/tests/phpunit/includes/api/format/ApiFormatXmlTest.php
+++ b/tests/phpunit/includes/api/format/ApiFormatXmlTest.php
@@ -109,7 +109,7 @@ class ApiFormatXmlTest extends ApiFormatTestBase {
                                 [ 'xslt' => 'DoesNotExist' ] ],
                         [ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should be in the MediaWiki namespace.</xml></warnings></api>',
                                 [ 'xslt' => 'ApiFormatXmlTest' ] ],
-                       [ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should have &quot;.xsl&quot; extension.</xml></warnings></api>',
+                       [ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should have ".xsl" extension.</xml></warnings></api>',
                                 [ 'xslt' => 'MediaWiki:ApiFormatXmlTest' ] ],
                         [ [],
                                 '<?xml version="1.0"?><?xml-stylesheet href="' .
author	Fomafix <fomafix@googlemail.com>
	Wed, 24 Feb 2016 18:22:43 +0000 (18:22 +0000)
committer	Krinkle <krinklemail@gmail.com>
	Wed, 23 May 2018 20:03:54 +0000 (20:03 +0000)
includes/Xml.php		patch \| blob \| history
tests/phpunit/includes/XmlTest.php		patch \| blob \| history
tests/phpunit/includes/api/format/ApiFormatXmlTest.php		patch \| blob \| history