gabrielbull / php-ups-api

PHP Wrapper for all UPS API
MIT License

Address can not contain "&" character #374

Open Nemo64 opened 1 year ago

Nemo64 commented 1 year ago

When I try to book something, using this SDK, that has the & character in the name, like a company "example GmbH & Co. KG", then I get the following error:

DOMDocument::createElement(): unterminated entity reference

So that means, all the createElement calls that have a value directly given can throw this error.
I built a small demo: https://onlinephp.io?s=s7EvyCjg5eLlUknJT1awVchLLVdw8fd1yU8uzU3NK9HQtAZK5eWnpALlQEp07ZKLUhNLUl1zUsHyShW5OUo6CkoZiTk5-QpqCuWpOSVKYE1gxYkFBal5Kc4ZmTkpGmBjQFKpyRn5UMOKE8tSI3x9gNYAAA%2C%2C&v=8.2.7

I looked through the source code and that way of setting the value of an XML node is used a lot. All of these have this potential escaping issue.
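
An added illustration of the escaping behaviour reported above (not code from the issue author or from php-ups-api): the second argument of `DOMDocument::createElement()` is parsed for entity references, while a node built with `createTextNode()` is treated as literal character data and escaped on output. The helper name `appendTextElement`, the element names and the sample values are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of php-ups-api): adds <$name> under $parent with
// $value as a text node. createTextNode() takes the string as literal character
// data, so "&", "<" and ">" are escaped when the document is serialized.
function appendTextElement(DOMDocument $doc, DOMNode $parent, string $name, string $value): DOMElement
{
    $element = $doc->createElement($name);
    $element->appendChild($doc->createTextNode($value));
    $parent->appendChild($element);
    return $element;
}

// Constructed sample values; element names are placeholders, not the UPS schema.
$samples = ['example GmbH & Co. KG', 'A <b>B</b> &amp; C'];

foreach ($samples as $value) {
    $doc = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('Address'));

    // Pattern from the issue: value handed straight to createElement().
    // Warnings are collected instead of being printed by PHP.
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg;
        return true;
    });
    $root->appendChild($doc->createElement('Unsafe', $value));
    restore_error_handler();

    // Text-node pattern: the value is never parsed as markup.
    $safe = appendTextElement($doc, $root, 'Safe', $value);

    // Round trip: serialize, parse again, and compare with the original input.
    $reparsed = new DOMDocument();
    $reparsed->loadXML($doc->saveXML());
    $roundTrip = $reparsed->getElementsByTagName('Safe')->item(0)->textContent;

    echo 'input:      ', $value, PHP_EOL;
    echo 'warnings:   ', $warnings ? implode('; ', $warnings) : '(none)', PHP_EOL;
    echo 'serialized: ', $doc->saveXML($safe), PHP_EOL;
    echo 'round trip: ', $roundTrip === $value ? 'identical' : 'CHANGED', PHP_EOL, PHP_EOL;
}
```

The second sample shows the other half of the problem: a value that already contains `&amp;` raises no warning in the direct `createElement()` call, but it is interpreted as an entity there, whereas the text-node form preserves the input exactly.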