SDO_DAS_XML prints malformed XML

Discussion:

Tom

2007-11-23 12:14:49 UTC

Hi guys!

The following code produces malformed XML output:

$type = $sdo->getTypeName();
$xdoc = $this->xml_das->createDocument('', $type, $sdo);
$xmlstr = $this->xml_das->saveString($xdoc);

Try looking at this document that was produced this way:
http://codestar.se/malformedxml.xml

The problem seems to be that characters like & are not escaped during
XML creation.

How can I fix this? Seems like the SDO_DAS_XML class is not part of
the installed PHP SCA SDO package?

Regards,
Tom

Caroline Maynard

2007-11-23 14:49:32 UTC

Permalink

Post by Tom
Hi guys!
$type = $sdo->getTypeName();
$xdoc = $this->xml_das->createDocument('', $type, $sdo);
$xmlstr = $this->xml_das->saveString($xdoc);
http://codestar.se/malformedxml.xml
The problem seems to be that characters like & are not escaped during
XML creation.
How can I fix this? Seems like the SDO_DAS_XML class is not part of
the installed PHP SCA SDO package?

Hi Tom,

The SDO_DAS_XML is part of the SDO extension. You'll need to dig into
the C source if you want to work with it - look in CVS for this
(http://cvs.php.net/viewvc.cgi/pecl/sdo/).

I agree that it's wrong for SDO to output xml containing & characters
rather than & in values, as this is not well-formed xml. I'll think
about a fix. This problem may be quite pervasive.

Also, I'd like to know what a Thai crème brûlée tastes like.

Tom

2007-11-23 15:32:48 UTC

Permalink

Post by Caroline Maynard
The SDO_DAS_XML is part of the SDO extension. You'll need to dig into
the C source if you want to work with it - look in CVS for this
(http://cvs.php.net/viewvc.cgi/pecl/sdo/).
I agree that it's wrong for SDO to output xml containing & characters
rather than & in values, as this is not well-formed xml. I'll think
about a fix. This problem may be quite pervasive.

I figured this would be the case... I'm no C programmer so I don't
think I'm the guy to fix this properly.

Post by Caroline Maynard
Also, I'd like to know what a Thai crème brûlée tastes like.

You'll have to book a table at the restaurant that serves it to
experience that :) I believe you're talking about Spring in Stockholm.
Here's the URL: http://www.tablefinder.com/eng/Restaurant/spring Make
a weekend out of it :)

/Tom

Caroline Maynard

2007-11-23 15:42:29 UTC

Permalink

Post by Caroline Maynard

Hi Tom,
The SDO_DAS_XML is part of the SDO extension. You'll need to dig into
the C source if you want to work with it - look in CVS for this
(http://cvs.php.net/viewvc.cgi/pecl/sdo/).
I agree that it's wrong for SDO to output xml containing & characters
rather than & in values, as this is not well-formed xml. I'll think
about a fix. This problem may be quite pervasive.

Matthew, I see you've found a Tuscany problem
(http://issues.apache.org/jira/browse/TUSCANY-1553) already open for
this. Even if that gets fixed though, I don't think we can always depend
on Tuscany - the SCA code generates some xml itself in places, does it
not? - so we have to be prepared with the htmlentities($in, ENT_QUOTES)
or its internal equivalent, I think.

Caroline Maynard

2007-11-23 16:33:06 UTC

Permalink

Post by Caroline Maynard
Matthew, I see you've found a Tuscany problem
(http://issues.apache.org/jira/browse/TUSCANY-1553) already open for
this. Even if that gets fixed though, I don't think we can always depend
on Tuscany - the SCA code generates some xml itself in places, does it
not? - so we have to be prepared with the htmlentities($in, ENT_QUOTES)
or its internal equivalent, I think.

... but not substituting within CDATA sections, of course ...

Matthew Peters

2007-11-23 17:26:19 UTC

Permalink

Hi Caroline,
well spotted. There are places in both the wsdl generation and in the
xmlrpc binding that we generate xml by simply sticking strings
together ( I searched for "</" ).

We should probably edit the variables that we are using to make sure
they don't contain dodgy characters. I think they are only ever values
that we pull out of the annotations e.g. from @param and so forth, but
we should be careful. I will raise a pecl bug to track it.

Matthew

Post by Caroline Maynard

Post by Caroline Maynard
this. Even if that gets fixed though, I don't think we can always depend
on Tuscany - the SCA code generates some xml itself in places, does it
not? - so we have to be prepared with the htmlentities($in, ENT_QUOTES)
or its internal equivalent, I think.

... but not substituting within CDATA sections, of course ...

Caroline Maynard

2007-11-30 10:47:52 UTC

Permalink

Post by Matthew Peters
We should probably edit the variables that we are using to make sure
they don't contain dodgy characters. I think they are only ever values
we should be careful. I will raise a pecl bug to track it.

Matthew, I checked in a SCA_Helper method to do this. I'll leave you to
work out where to apply it, I just wrote it as a comparison test for a
Tuscany patch I developed and thought it might be useful in its own right.

Caroline Maynard

2007-11-30 17:08:39 UTC

Permalink

I've sent a patch for this to the Tuscany team, and am now hoping for
the attention of a Tuscany developer.

Caroline Maynard

2007-12-04 14:53:12 UTC

Permalink

Post by Caroline Maynard
I've sent a patch for this to the Tuscany team, and am now hoping for
the attention of a Tuscany developer.

Tuscany have accepted my patch, so I've now checked it into our FULMAR
branch, and it will be in the next release.