Daniel15 / simple-nuget-server

A very simple PHP NuGet server
MIT License
116 stars 43 forks

SimpleXMLElement::addChild(): unterminated entity reference #44

Open Steinblock opened 3 years ago

Steinblock commented 3 years ago

On my NuGet server, search failed for a package with an ampersand in the title, i.e. Tom & Jerry

/var/www/simple-nuget-server/inc/feedwriter.php:213

SimpleXMLElement::addChild(): unterminated entity reference  Jerry

https://server.tld/Search()?$filter=IsLatestVersion&searchTerm='Tom'&targetFramework='net472'&includePrerelease=false&$skip=0&$top=26&semVerLevel=2.0.0'

Replacing $value with htmlspecialchars($value) solved the issue

        private function addMeta($entry, $name, $value, $type = null) {
                $node = $entry->addChild(
                        $name,
                        // Escape "&", "<" and ">" so the value is not parsed as an XML entity reference
                        htmlspecialchars($value),
                        'http://schemas.microsoft.com/ado/2007/08/dataservices'
                );

Daniel15 commented 3 years ago

Thanks! Feel free to submit a pull request with the fix.
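
The failure reported in this issue, next to two ways of writing the value safely, as an added example that is not part of the thread or the project's code. The function names `addMetaRaw`, `addMetaEscaped` and `addMetaText`, the explicit `ENT_XML1` flags and the sample titles are constructed for illustration, and the DOM extension is assumed to be loaded.

```php
<?php
const DS_NS = 'http://schemas.microsoft.com/ado/2007/08/dataservices';

// Behaviour reported in the issue: addChild() parses the raw value for entity references.
function addMetaRaw(SimpleXMLElement $entry, string $name, string $value): SimpleXMLElement {
    return $entry->addChild($name, $value, DS_NS);
}

// The fix from the issue, here with explicit XML flags and charset (an assumption, not in the thread).
function addMetaEscaped(SimpleXMLElement $entry, string $name, string $value): SimpleXMLElement {
    return $entry->addChild($name, htmlspecialchars($value, ENT_XML1 | ENT_QUOTES, 'UTF-8'), DS_NS);
}

// Alternative: create an empty element and append a DOM text node, so the value
// is never interpreted as markup and needs no manual escaping.
function addMetaText(SimpleXMLElement $entry, string $name, string $value): SimpleXMLElement {
    $node = $entry->addChild($name, null, DS_NS);
    $dom = dom_import_simplexml($node);
    $dom->appendChild($dom->ownerDocument->createTextNode($value));
    return $node;
}

// Constructed sample titles, including one that already contains an entity.
$samples = ['Tom & Jerry', 'a < b', 'R&D "tools"', 'already &amp; escaped'];

foreach ($samples as $value) {
    foreach (['addMetaRaw', 'addMetaEscaped', 'addMetaText'] as $fn) {
        $entry = new SimpleXMLElement('<entry/>');
        $warning = null;
        // Capture the libxml warning instead of letting it abort or pollute the feed.
        set_error_handler(function ($no, $msg) use (&$warning) { $warning = $msg; return true; });
        $fn($entry, 'Title', $value);
        restore_error_handler();

        // Serialize and re-parse to see what a feed consumer would actually read.
        $read = (string) simplexml_load_string($entry->asXML())->children(DS_NS)->Title;
        printf("%-15s %-26s %s%s\n", $fn, json_encode($value),
            $read === $value ? 'round-trips' : 'CHANGED to ' . json_encode($read),
            $warning ? "  [warning: $warning]" : '');
    }
}
```

Run it with the PHP CLI: each line shows whether the title a client reads back is identical to the one stored, and any warning raised while writing it.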