ENGCOM-5761: #2228; Encode xml entities in tag attributes #24336

magento-engcom-team · magento-engcom-team · commit 7cb4a6d41244 · 2019-09-03T17:58:26.000-05:00
- Merge Pull Request #24336 from sergey-solo/magento2:m2-github-issue/2228 - Merged commits: 1. de8028e 2. 781e7bb 3. ada83e4 4. 5eaef76
diff --git a/lib/internal/Magento/Framework/Simplexml/Element.php b/lib/internal/Magento/Framework/Simplexml/Element.php
@@ -30,11 +30,12 @@ class Element extends \SimpleXMLElement
      * @param \Magento\Framework\Simplexml\Element $element
      * @return void
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     * phpcs:disable Magento2.CodeAnalysis.EmptyBlock
      */
     public function setParent($element)
     {
-        //$this->_parent = $element;
     }
+    // phpcs:enable
 
     /**
      * Returns parent node for the element
@@ -179,7 +180,8 @@ public function asArray()
     }
 
     /**
-     * asArray() analog, but without attributes
+     * The asArray() analog, but without attributes
+     *
      * @return array|string
      */
     public function asCanonicalArray()
@@ -245,7 +247,7 @@ public function asNiceXml($filename = '', $level = 0)
         $attributes = $this->attributes();
         if ($attributes) {
             foreach ($attributes as $key => $value) {
-                $out .= ' ' . $key . '="' . str_replace('"', '\"', (string)$value) . '"';
+                $out .= ' ' . $key . '="' . str_replace('"', '\"', $this->xmlentities($value)) . '"';
             }
         }
 
@@ -471,6 +473,7 @@ public function setNode($path, $value, $overwrite = true)
      * Unset self from the XML-node tree
      *
      * Note: trying to refer this object as a variable after "unsetting" like this will result in E_WARNING
+     *
      * @return void
      */
     public function unsetSelf()
