Merge pull request #325 from oat-sa/fix/TR-4212/legacy/decode-html-en…

…tities-in-attributes Fix/TR-4212/Legacy/Decode HTML entities in attributes
oat-sa · Aug 25, 2022 · b3ba786 · b3ba786
2 parents 9a3280b + ea31d1b
commit b3ba786
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 3 deletions.
diff --git a/qtism/data/storage/xml/Utils.php b/qtism/data/storage/xml/Utils.php
@@ -244,7 +244,7 @@ public static function getDOMElementAttributeAs(DOMElement $element, $attribute,
  */
  public static function setDOMElementAttribute(DOMElement $element, string $attribute, $value)
  {
- $element->setAttribute($attribute, self::valueAsString($value));
+ $element->setAttribute($attribute, self::valueAsString($value, false));
  }
 
  /**
@@ -264,14 +264,18 @@ public static function setDOMElementValue(DOMElement $element, $value)
  * Other variable types are optionally using string conversion.
  *
  * @param mixed $value
+ * @param bool $encode
  * @return string
  */
- public static function valueAsString($value)
+ public static function valueAsString($value, $encode = true)
  {
  if (is_bool($value)) {
  return $value === true ? 'true' : 'false';
  }
- return htmlspecialchars($value, ENT_XML1, 'UTF-8');
+ if ($encode) {
+ return htmlspecialchars($value, ENT_XML1, 'UTF-8');
+ }
+ return (string)$value;
  }
 
  /**

diff --git a/test/qtismtest/data/storage/xml/XmlUtilsTest.php b/test/qtismtest/data/storage/xml/XmlUtilsTest.php
@@ -3,6 +3,9 @@
 namespace qtismtest\data\storage\xml;
 
 use DOMDocument;
+use DOMElement;
+use qtism\common\enums\BaseType;
+use qtism\common\enums\Cardinality;
 use qtism\data\storage\xml\Utils;
 use qtismtest\QtiSmTestCase;
 
@@ -129,4 +132,72 @@ public function getXsdLocationProvider()
  ],
  ];
  }
+
+ /**
+ * @dataProvider getDOMElementAttributeAsProvider
+ * @param DOMElement $element
+ * @param string $attribute
+ * @param string $datatype
+ * @param mixed $expected
+ */
+ public function testGetDOMElementAttributeAs(DOMElement $element, $attribute, $datatype, $expected)
+ {
+ $result = Utils::getDOMElementAttributeAs($element, $attribute, $datatype);
+ $this::assertSame($expected, $result);
+ }
+
+ /**
+ * @return array
+ */
+ public function getDOMElementAttributeAsProvider()
+ {
+ $dom = new DOMDocument('1.0', 'UTF-8');
+ $dom->loadXML('<foo string="str&amp;str" integer="1" float="1.1" double="1.1" boolean="true" baseType="duration" wrongEnumValue="blah"/>');
+ $elt = $dom->documentElement;
+
+ return [
+ [$elt, 'string', 'string', 'str&str'],
+ [$elt, 'integer', 'integer', 1],
+ [$elt, 'float', 'float', 1.1],
+ [$elt, 'double', 'double', 1.1],
+ [$elt, 'boolean', 'boolean', true],
+ [$elt, 'not-existing', '', null],
+ [$elt, 'baseType', BaseType::class, BaseType::DURATION],
+ [$elt, 'wrongEnumValue', BaseType::class, 'blah'],
+ [$elt, 'cardinality', Cardinality::class, null],
+ ];
+ }
+
+ /**
+ * @dataProvider setDOMElementAttributeProvider
+ * @param string $attribute
+ * @param string $value
+ * @param mixed $expected
+ */
+ public function testSetDOMElementAttribute($attribute, $value, $expected)
+ {
+ $dom = new DOMDocument('1.0', 'UTF-8');
+ $element = $dom->createElement('foo');
+ $dom->appendChild($element);
+
+ Utils::setDOMElementAttribute($element, $attribute, $value);
+ $result = $dom->saveXML($element);
+
+ $this::assertSame($expected, $result);
+ }
+
+ /**
+ * @return array
+ */
+ public function setDOMElementAttributeProvider()
+ {
+ return [
+ ['string', 'str&str', '<foo string="str&amp;str"/>'],
+ ['integer', 1, '<foo integer="1"/>'],
+ ['float', 1.1, '<foo float="1.1"/>'],
+ ['double', 1.1, '<foo double="1.1"/>'],
+ ['boolean', true, '<foo boolean="true"/>'],
+ ['not-existing', null, '<foo not-existing=""/>'],
+ ];
+ }
 }