Escape incoming invalid XML characters using htmlspecialchars().

Tim Jarrett 2016-02-02 16:17:20 -05:00 committed by troosan
parent d8caa0b572
commit d8387c1aba
1 changed files with 3 additions and 3 deletions


@ -135,7 +135,7 @@ abstract class AbstractPart
} }
} }
} }
$parent->addPreserveText($textContent, $fontStyle, $paragraphStyle); $parent->addPreserveText(htmlspecialchars($textContent, ENT_QUOTES | ENT_XML1), $fontStyle, $paragraphStyle);
} elseif ($xmlReader->elementExists('w:pPr/w:numPr', $domNode)) { } elseif ($xmlReader->elementExists('w:pPr/w:numPr', $domNode)) {
// List item // List item
$numId = $xmlReader->getAttribute('w:val', $domNode, 'w:pPr/w:numPr/w:numId'); $numId = $xmlReader->getAttribute('w:val', $domNode, 'w:pPr/w:numPr/w:numId');
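Review bot: The three `htmlspecialchars()` calls (here at `addPreserveText()`, and at the `w:t` reads in the hunks at -152 and -275) entity-encode text as it is read, so the document model now holds `&amp;`/`&lt;` instead of the original characters. Any writer that escapes on output would then double-encode, and a non-XML writer would emit the entities literally; the writers are not visible here, so confirm which layer owns escaping. The flags also fall short of what the title describes: `ENT_QUOTES | ENT_XML1` leaves code points that are invalid in XML 1.0 in place, and without `ENT_SUBSTITUTE` the call returns an empty string when the input is not valid UTF-8, silently dropping the text. If escaping stays in the reader, consider `htmlspecialchars($textContent, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE | ENT_DISALLOWED, 'UTF-8')` at all three sites. The enclosing methods start and end outside each hunk.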
@ -152,7 +152,7 @@ abstract class AbstractPart
$textContent = null; $textContent = null;
$nodes = $xmlReader->getElements('w:r', $domNode); $nodes = $xmlReader->getElements('w:r', $domNode);
if ($nodes->length === 1) { if ($nodes->length === 1) {
$textContent = $xmlReader->getValue('w:t', $nodes->item(0)); $textContent = htmlspecialchars($xmlReader->getValue('w:t', $nodes->item(0)), ENT_QUOTES | ENT_XML1);
} else { } else {
$textContent = new TextRun($paragraphStyle); $textContent = new TextRun($paragraphStyle);
foreach ($nodes as $node) { foreach ($nodes as $node) {
@ -275,7 +275,7 @@ abstract class AbstractPart
$parent->addText("\t"); $parent->addText("\t");
} elseif ($node->nodeName == 'w:t' || $node->nodeName == 'w:delText') { } elseif ($node->nodeName == 'w:t' || $node->nodeName == 'w:delText') {
// TextRun // TextRun
$textContent = $xmlReader->getValue('.', $node); $textContent = htmlspecialchars($xmlReader->getValue('.', $node), ENT_QUOTES | ENT_XML1);
if ($runParent->nodeName == 'w:hyperlink') { if ($runParent->nodeName == 'w:hyperlink') {
$rId = $xmlReader->getAttribute('r:id', $runParent); $rId = $xmlReader->getAttribute('r:id', $runParent);