* Made ENT_* defines availabe to other functions.

* The key/variable names in WDDX are now html escaped to not break XML.
@- Fixed WDDX serialization to HTML-escape key/variable names so as not to
@  break the XML packet. (Andrei)

diff --git a/ext/standard/html.c b/ext/standard/html.c
index 82fa8c46f7c15c1b0069ba068649fa3ede10b330..85f370f5684048f2678235048a3a2e4510c39c24 100644 (file)
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -45,10 +45,6 @@ static char EntTable[][7] =
        "uuml","yacute","thorn","yuml"
 };
 
-#define ENT_COMPAT    1
-#define ENT_QUOTES    2
-#define ENT_NOQUOTES  4
-
 PHPAPI char *php_escape_html_entities(unsigned char *old, int oldlen, int *newlen, int all, int quote_style)
 {
        int i, maxlen, len;

diff --git a/ext/standard/html.h b/ext/standard/html.h
index 442c6de4350a5d04c25c6c5a8b7ac9fe7608a58e..ae0f5e8d65ce4c77df65ce6b56eb42cbe8e18272 100644 (file)
--- a/ext/standard/html.h
+++ b/ext/standard/html.h
@@ -21,6 +21,10 @@
 #ifndef HTML_H
 #define HTML_H
 
+#define ENT_COMPAT    1
+#define ENT_QUOTES    2
+#define ENT_NOQUOTES  4
+
 void register_html_constants(INIT_FUNC_ARGS);
 
 PHP_FUNCTION(htmlspecialchars);

diff --git a/ext/wddx/php_wddx_api.h b/ext/wddx/php_wddx_api.h
index a9347aa31b3514572ec01eb9176e67c293ad9623..0d7318059bdfdb065f6a48e7a995afdc4c1ff0fb 100644 (file)
--- a/ext/wddx/php_wddx_api.h
+++ b/ext/wddx/php_wddx_api.h
@@ -59,7 +59,7 @@ wddx_packet *php_wddx_constructor(void);
 void            php_wddx_packet_start(wddx_packet *packet, char *comment, int comment_len);
 void            php_wddx_packet_end(wddx_packet *packet);
 
-void            php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name);
+void            php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name_len);
 int             php_wddx_deserialize_ex(char *, int, zval *return_value);
 #define php_wddx_gather(packet) estrndup(packet->c, packet->len)
 

diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c
index 409659c7fcb017b5c780d53a3c3b512ec35f2735..97021f763fb9931df1363d29ea663ab99e0a323d 100644 (file)
--- a/ext/wddx/wddx.c
+++ b/ext/wddx/wddx.c
@@ -41,6 +41,7 @@
 #include "ext/standard/base64.h"
 #include "ext/standard/info.h"
 #include "ext/standard/php_smart_str.h"
+#include "ext/standard/html.h"
 
 #define WDDX_BUF_LEN                   256
 #define PHP_CLASS_NAME_VAR             "php_class_name"
@@ -368,13 +369,15 @@ static void php_wddx_serialize_object(wddx_packet *packet, zval *obj)
                                }
 
                                if (zend_hash_find(HASH_OF(obj), Z_STRVAL_PP(varname), Z_STRLEN_PP(varname)+1, (void **)&ent) == SUCCESS) {
-                                       php_wddx_serialize_var(packet, *ent, Z_STRVAL_PP(varname));
+                                       php_wddx_serialize_var(packet, *ent, Z_STRVAL_PP(varname), Z_STRLEN_PP(varname));
                                }
                        }
                        
                        php_wddx_add_chunk_static(packet, WDDX_STRUCT_E);
                }
        } else {
+               ulong key_len;
+
                PHP_CLASS_ATTRIBUTES;
 
                PHP_SET_CLASS_ATTRIBUTES(obj);
@@ -395,11 +398,11 @@ static void php_wddx_serialize_object(wddx_packet *packet, zval *obj)
                        if (*ent == obj)
                                continue;
 
-                       if (zend_hash_get_current_key(HASH_OF(obj), &key, &idx, 0) == HASH_KEY_IS_STRING) {
-                               php_wddx_serialize_var(packet, *ent, key);
+                       if (zend_hash_get_current_key_ex(HASH_OF(obj), &key, &key_len, &idx, 0, NULL) == HASH_KEY_IS_STRING) {
+                               php_wddx_serialize_var(packet, *ent, key, key_len);
                        } else {
-                               sprintf(tmp_buf, "%ld", idx);
-                               php_wddx_serialize_var(packet, *ent, tmp_buf);
+                               key_len = sprintf(tmp_buf, "%ld", idx);
+                               php_wddx_serialize_var(packet, *ent, tmp_buf, key_len);
                        }
                }
                php_wddx_add_chunk_static(packet, WDDX_STRUCT_E);
@@ -416,6 +419,7 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr)
 {
        zval **ent;
        char *key;
+       ulong key_len;
        int is_struct = 0, ent_type;
        ulong idx;
        HashTable *target_hash;
@@ -442,7 +446,7 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr)
                }
 
                ind++;
-       }                               
+       }
 
        if (is_struct) {
                php_wddx_add_chunk_static(packet, WDDX_STRUCT_S);
@@ -458,16 +462,16 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr)
                        continue;
 
                if (is_struct) {
-                       ent_type = zend_hash_get_current_key(target_hash, &key, &idx, 0);
+                       ent_type = zend_hash_get_current_key_ex(target_hash, &key, &key_len, &idx, 0, NULL);
 
                        if (ent_type == HASH_KEY_IS_STRING) {
-                               php_wddx_serialize_var(packet, *ent, key);
+                               php_wddx_serialize_var(packet, *ent, key, key_len);
                        } else {
-                               sprintf(tmp_buf, "%ld", idx);
-                               php_wddx_serialize_var(packet, *ent, tmp_buf);
+                               key_len = sprintf(tmp_buf, "%ld", idx);
+                               php_wddx_serialize_var(packet, *ent, tmp_buf, key_len);
                        }
                } else
-                       php_wddx_serialize_var(packet, *ent, NULL);
+                       php_wddx_serialize_var(packet, *ent, NULL, 0);
        }
        
        if (is_struct) {
@@ -478,13 +482,17 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr)
 }
 
 
-void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name)
+void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name_len)
 {
        char tmp_buf[WDDX_BUF_LEN];
-       
+       char *name_esc;
+       int name_esc_len;
+
        if (name) {
-               sprintf(tmp_buf, WDDX_VAR_S, name);
+               name_esc = php_escape_html_entities(name, name_len, &name_esc_len, 0, ENT_QUOTES);
+               sprintf(tmp_buf, WDDX_VAR_S, name_esc);
                php_wddx_add_chunk(packet, tmp_buf);
+               efree(name_esc);
        }
        
        switch(Z_TYPE_P(var)) {
@@ -530,7 +538,7 @@ static void php_wddx_add_var(wddx_packet *packet, zval *name_var)
        {
                if (zend_hash_find(EG(active_symbol_table), Z_STRVAL_P(name_var),
                                                        Z_STRLEN_P(name_var)+1, (void**)&val) != FAILURE) {
-                       php_wddx_serialize_var(packet, *val, Z_STRVAL_P(name_var));
+                       php_wddx_serialize_var(packet, *val, Z_STRVAL_P(name_var), Z_STRLEN_P(name_var));
                }               
        }
        else if (Z_TYPE_P(name_var) == IS_ARRAY || Z_TYPE_P(name_var) == IS_OBJECT)
@@ -887,7 +895,7 @@ PHP_FUNCTION(wddx_serialize_value)
        else
                php_wddx_packet_start(packet, NULL, 0);
 
-       php_wddx_serialize_var(packet, (*var), NULL);
+       php_wddx_serialize_var(packet, (*var), NULL, 0);
        php_wddx_packet_end(packet);
                                        
        ZVAL_STRINGL(return_value, packet->c, packet->len, 1);