Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
None
-
None
Description
In the package ezsystems/ezplatform-xmltext-fieldtype there's a bug in the ConvertXmlTextToRichTextCommand that causes some attributes to be saved with other content's converted XML.
In function convertFields we have this try catch
try { $xmlDoc = $this->createDocument($inputValue); } catch (RuntimeException $e) { $this->logger->info( $e->getMessage(), [ 'original' => $inputValue, ] ); }
And inside the createDocument function there's this part of code:
try { $result = $document->loadXml($xmlString); if ($result === false) { throw new RuntimeException('Unable to parse ezxmltext. Invalid XML format'); } } catch (ErrorException $e) { throw new RuntimeException($e->getMessage(), $e->getCode()); }
So, when there's XML parsing error and loadXml returns false, it throws RuntimeException. In such case, $xmlDoc will hold a value of previously processed attribute.
Here are steps to reproduce:
Add/modify two attributes in the table ezcontentobject_attribute, both with data_type_string "ezxmltext"
First one with data_text (This one must be processed first by the command!):
<section xmlns:image='http://ez.no/namespaces/ezpublish3/image/' xmlns:xhtml= 'http://ez.no/namespaces/ezpublish3/xhtml/' xmlns:custom='http://ez.no/namespaces/ezpublish3/custom/' ><paragraph>This is a valid XML</paragraph></section>
Second one with data_text (the unescaped ampersand will make $document->loadXml($xmlString) in snippet above, to return false and throw an exception):
<section xmlns:image='http://ez.no/namespaces/ezpublish3/image/' xmlns:xhtml= 'http://ez.no/namespaces/ezpublish3/xhtml/' xmlns:custom='http://ez.no/namespaces/ezpublish3/custom/' ><paragraph>This is a CORRUPTED & XML</paragraph></section>
After you run the convert command, the final result will be that both attributes will have the same value => "...<paragraph>This is a valid XML</paragraph>..."