Merge pull request #258 from Art4/233-patch-xml-element-error

kbsali · web-flow · commit 8a3dc924cb4e · 2021-03-19T16:25:10.000+01:00
Handle xml entities in time_entry comments correct
diff --git a/src/Redmine/Api/TimeEntry.php b/src/Redmine/Api/TimeEntry.php
@@ -78,7 +78,7 @@ public function create(array $params = [])
             if ('custom_fields' === $k && is_array($v)) {
                 $this->attachCustomFieldXML($xml, $v);
             } else {
-                $xml->addChild($k, $v);
+                $xml->addChild($k, htmlspecialchars($v));
             }
         }
 
diff --git a/tests/Unit/Api/TimeEntryTest.php b/tests/Unit/Api/TimeEntryTest.php
@@ -232,6 +232,7 @@ public function testCreateCallsPost()
             'issue_id' => '15',
             'project_id' => '25',
             'hours' => '5.25',
+            'comments' => 'some text with xml entities: & < > " \' ',
             'custom_fields' => [
                 [
                     'id' => 1,

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ public function create(array $params = [])`
`78`	`78`	`if ('custom_fields' === $k && is_array($v)) {`
`79`	`79`	`$this->attachCustomFieldXML($xml, $v);`
`80`	`80`	`} else {`
`81`		`- $xml->addChild($k, $v);`
	`81`	`+ $xml->addChild($k, htmlspecialchars($v));`
`82`	`82`	`}`
`83`	`83`	`}`
`84`	`84`
Original file line number	Diff line number	Diff line change
`@@ -232,6 +232,7 @@ public function testCreateCallsPost()`
`232`	`232`	`'issue_id' => '15',`
`233`	`233`	`'project_id' => '25',`
`234`	`234`	`'hours' => '5.25',`
	`235`	`+ 'comments' => 'some text with xml entities: & < > " \' ',`
`235`	`236`	`'custom_fields' => [`
`236`	`237`	`[`
`237`	`238`	`'id' => 1,`