BUGFIX PPP-54497 simpleXml fix for & in values

viacheslav diomidov · viacheslav diomidov · commit 9df581f925f0 · 2021-10-05T15:47:15.000+03:00
diff --git a/src/Api/Client.php b/src/Api/Client.php
@@ -324,7 +324,7 @@ protected function _expandRequestShortSyntax($request, SimpleXMLElement $xml)
 
         foreach ($parts as $part) {
             @list($name, $value) = explode('=', $part);
-            $node = $node->addChild($name, $value);
+            $node->{$name} = $value;
         }
 
         return $xml->asXML();
@@ -346,7 +346,7 @@ protected function _arrayToXml(array $array, SimpleXMLElement $xml, $parentEl =
             if (is_array($value)) {
                 $this->_arrayToXml($value, $this->_isAssocArray($value) ? $xml->addChild($el) : $xml, $el);
             } else {
-                $xml->addChild($el, $value);
+                $node = $node->addChild($el, htmlspecialchars($value));
             }
         }
 
diff --git a/src/Api/Operator.php b/src/Api/Operator.php
@@ -78,7 +78,7 @@ protected function _getItems($structClass, $infoTag, $field = null, $value = nul
 
         $filterTag = $getTag->addChild('filter');
         if (!is_null($field)) {
-            $filterTag->addChild($field, $value);
+            $filterTag->{$field} = $value;
         }
 
         $getTag->addChild('dataset')->addChild($infoTag);
diff --git a/src/Api/Operator/Certificate.php b/src/Api/Operator/Certificate.php
@@ -18,7 +18,7 @@ public function generate($properties)
         $info = $packet->addChild($this->_wrapperTag)->addChild('generate')->addChild('info');
 
         foreach ($properties as $name => $value) {
-            $info->addChild($name, $value);
+            $info->{$name} = $value;
         }
 
         $response = $this->_client->request($packet);
diff --git a/src/Api/Operator/Customer.php b/src/Api/Operator/Customer.php
@@ -18,7 +18,7 @@ public function create($properties)
         $info = $packet->addChild($this->_wrapperTag)->addChild('add')->addChild('gen_info');
 
         foreach ($properties as $name => $value) {
-            $info->addChild($name, $value);
+            $info->{$name} = $value;
         }
 
         $response = $this->_client->request($packet);
diff --git a/src/Api/Operator/Database.php b/src/Api/Operator/Database.php
@@ -43,7 +43,7 @@ private function _process($command, array $properties)
                 $info->$name = $value;
                 continue;
             }
-            $info->addChild($name, $value);
+            $info->{$name} = $value;
         }
 
         return $this->_client->request($packet);
@@ -136,6 +136,7 @@ private function _get($command, $field, $value)
         $filterTag = $getTag->addChild('filter');
         if (!is_null($field)) {
             $filterTag->addChild($field, $value);
+            $filterTag->{$field} = $value;
         }
 
         $response = $this->_client->request($packet, \PleskX\Api\Client::RESPONSE_FULL);
diff --git a/src/Api/Operator/DatabaseServer.php b/src/Api/Operator/DatabaseServer.php
@@ -53,7 +53,7 @@ private function _get($field = null, $value = null)
 
         $filterTag = $getTag->addChild('filter');
         if (!is_null($field)) {
-            $filterTag->addChild($field, $value);
+            $filterTag->{$field} = $value;
         }
 
         $response = $this->_client->request($packet, \PleskX\Api\Client::RESPONSE_FULL);
diff --git a/src/Api/Operator/Dns.php b/src/Api/Operator/Dns.php
@@ -18,7 +18,7 @@ public function create($properties)
         $info = $packet->addChild($this->_wrapperTag)->addChild('add_rec');
 
         foreach ($properties as $name => $value) {
-            $info->addChild($name, $value);
+            $info->{$name} = $value;
         }
 
         return new Struct\Info($this->_client->request($packet));
@@ -39,7 +39,7 @@ public function bulkCreate(array $records)
             $info = $packet->addChild($this->_wrapperTag)->addChild('add_rec');
 
             foreach ($properties as $name => $value) {
-                $info->addChild($name, $value);
+                $info->{$name} = $value;
             }
         }
 
diff --git a/src/Api/Operator/DnsTemplate.php b/src/Api/Operator/DnsTemplate.php
@@ -21,7 +21,7 @@ public function create(array $properties)
 
         unset($properties['site-id'], $properties['site-alias-id']);
         foreach ($properties as $name => $value) {
-            $info->addChild($name, $value);
+            $info->{$name} = $value;
         }
 
         return new Struct\Info($this->_client->request($packet));
@@ -53,7 +53,7 @@ public function getAll($field = null, $value = null)
 
         $filterTag = $getTag->addChild('filter');
         if (!is_null($field)) {
-            $filterTag->addChild($field, $value);
+            $filterTag->{$field} = $value;
         }
         $getTag->addChild('template');
 
diff --git a/src/Api/Operator/Mail.php b/src/Api/Operator/Mail.php
@@ -28,7 +28,7 @@ public function create($name, $siteId, $mailbox = false, $password = '')
             $mailname->addChild('mailbox')->addChild('enabled', 'true');
         }
         if (!empty($password)) {
-            $mailname->addChild('password')->addChild('value', $password);
+            $mailname->addChild('password')->addChild('value', htmlspecialchars($password));
         }
 
         $response = $this->_client->request($packet);
@@ -48,7 +48,7 @@ public function delete($field, $value, $siteId)
         $packet = $this->_client->getPacket();
         $filter = $packet->addChild($this->_wrapperTag)->addChild('remove')->addChild('filter');
         $filter->addChild('site-id', $siteId);
-        $filter->addChild($field, $value);
+        $filter->{$field} = $value;
         $response = $this->_client->request($packet);
 
         return 'ok' === (string) $response->status;
diff --git a/src/Api/Operator/ProtectedDirectory.php b/src/Api/Operator/ProtectedDirectory.php
@@ -83,7 +83,7 @@ public function addUser($protectedDirectory, $login, $password)
 
         $info->addChild('pd-id', $protectedDirectory->id);
         $info->addChild('login', $login);
-        $info->addChild('password', $password);
+        $info->addChild('password', htmlspecialchars($password));
 
         return new Struct\UserInfo($this->_client->request($packet));
     }
@@ -114,6 +114,7 @@ private function _get($command, $field, $value)
         $filterTag = $getTag->addChild('filter');
         if (!is_null($field)) {
             $filterTag->addChild($field, $value);
+            $filterTag->{$field} = $value;
         }
 
         $response = $this->_client->request($packet, \PleskX\Api\Client::RESPONSE_FULL);
diff --git a/src/Api/Operator/Reseller.php b/src/Api/Operator/Reseller.php
@@ -18,7 +18,7 @@ public function create($properties)
         $info = $packet->addChild($this->_wrapperTag)->addChild('add')->addChild('gen-info');
 
         foreach ($properties as $name => $value) {
-            $info->addChild($name, $value);
+            $info->{$name} = $value;
         }
 
         $response = $this->_client->request($packet);
diff --git a/src/Api/Operator/Site.php b/src/Api/Operator/Site.php
@@ -24,7 +24,7 @@ public function create(array $properties)
             if (!is_scalar($value)) {
                 continue;
             }
-            $infoGeneral->addChild($name, $value);
+            $infoGeneral->{$name} = $value;
         }
 
         // set hosting properties
@@ -33,7 +33,7 @@ public function create(array $properties)
             foreach ($properties[static::PROPERTIES_HOSTING] as $name => $value) {
                 $propertyNode = $hostingNode->addChild('property');
                 $propertyNode->addChild('name', $name);
-                $propertyNode->addChild('value', $value);
+                $propertyNode->addChild('value', htmlspecialchars($value));
             }
         }
 
diff --git a/src/Api/Operator/SiteAlias.php b/src/Api/Operator/SiteAlias.php
@@ -71,7 +71,7 @@ public function getAll($field = null, $value = null)
 
         $filterTag = $getTag->addChild('filter');
         if (!is_null($field)) {
-            $filterTag->addChild($field, $value);
+            $filterTag->{$field} = $value;
         }
 
         $response = $this->_client->request($packet, \PleskX\Api\Client::RESPONSE_FULL);
diff --git a/src/Api/Operator/Subdomain.php b/src/Api/Operator/Subdomain.php
@@ -22,11 +22,11 @@ public function create($properties)
                 foreach ($value as $propertyName => $propertyValue) {
                     $property = $info->addChild($name);
                     $property->addChild('name', $propertyName);
-                    $property->addChild('value', $propertyValue);
+                    $property->addChild('value', htmlspecialchars($propertyValue));
                 }
                 continue;
             }
-            $info->addChild($name, $value);
+            $info->{$name} = $value;
         }
 
         $response = $this->_client->request($packet);
diff --git a/src/Api/Operator/Ui.php b/src/Api/Operator/Ui.php
@@ -31,7 +31,7 @@ public function createCustomButton($owner, $properties)
         $propertiesNode = $buttonNode->addChild('properties');
 
         foreach ($properties as $name => $value) {
-            $propertiesNode->addChild($name, $value);
+            $propertiesNode->{$name} = $value;
         }
 
         $response = $this->_client->request($packet);
diff --git a/src/Api/Operator/Webspace.php b/src/Api/Operator/Webspace.php
@@ -83,7 +83,7 @@ public function create(array $properties, array $hostingProperties = null, strin
             foreach ($hostingProperties as $name => $value) {
                 $property = $infoHosting->addChild('property');
                 $property->addChild('name', $name);
-                $property->addChild('value', $value);
+                $property->addChild('value', htmlspecialchars($value));
             }
 
             if (isset($properties['ip_address'])) {
diff --git a/tests/Utility/PasswordProvider.php b/tests/Utility/PasswordProvider.php
@@ -5,5 +5,5 @@
 
 class PasswordProvider
 {
-    const STRONG_PASSWORD = 'test-PWD*1@42!13#';
+    const STRONG_PASSWORD = 'test-&PWD*1@42!13#';
 }

Original file line number	Diff line number	Diff line change
`@@ -324,7 +324,7 @@ protected function _expandRequestShortSyntax($request, SimpleXMLElement $xml)`
`324`	`324`
`325`	`325`	`foreach ($parts as $part) {`
`326`	`326`	`@list($name, $value) = explode('=', $part);`
`327`		`- $node = $node->addChild($name, $value);`
	`327`	`+ $node->{$name} = $value;`
`328`	`328`	`}`
`329`	`329`
`330`	`330`	`return $xml->asXML();`
`@@ -346,7 +346,7 @@ protected function _arrayToXml(array $array, SimpleXMLElement $xml, $parentEl =`
`346`	`346`	`if (is_array($value)) {`
`347`	`347`	`$this->_arrayToXml($value, $this->_isAssocArray($value) ? $xml->addChild($el) : $xml, $el);`
`348`	`348`	`} else {`
`349`		`- $xml->addChild($el, $value);`
	`349`	`+ $node = $node->addChild($el, htmlspecialchars($value));`
`350`	`350`	`}`
`351`	`351`	`}`
`352`	`352`
Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ protected function _getItems($structClass, $infoTag, $field = null, $value = nul`
`78`	`78`
`79`	`79`	`$filterTag = $getTag->addChild('filter');`
`80`	`80`	`if (!is_null($field)) {`
`81`		`- $filterTag->addChild($field, $value);`
	`81`	`+ $filterTag->{$field} = $value;`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`$getTag->addChild('dataset')->addChild($infoTag);`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ public function generate($properties)`
`18`	`18`	`$info = $packet->addChild($this->_wrapperTag)->addChild('generate')->addChild('info');`
`19`	`19`
`20`	`20`	`foreach ($properties as $name => $value) {`
`21`		`- $info->addChild($name, $value);`
	`21`	`+ $info->{$name} = $value;`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`$response = $this->_client->request($packet);`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ public function create($properties)`
`18`	`18`	`$info = $packet->addChild($this->_wrapperTag)->addChild('add')->addChild('gen_info');`
`19`	`19`
`20`	`20`	`foreach ($properties as $name => $value) {`
`21`		`- $info->addChild($name, $value);`
	`21`	`+ $info->{$name} = $value;`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`$response = $this->_client->request($packet);`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ private function _process($command, array $properties)`
`43`	`43`	`$info->$name = $value;`
`44`	`44`	`continue;`
`45`	`45`	`}`
`46`		`- $info->addChild($name, $value);`
	`46`	`+ $info->{$name} = $value;`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`return $this->_client->request($packet);`
`@@ -136,6 +136,7 @@ private function _get($command, $field, $value)`
`136`	`136`	`$filterTag = $getTag->addChild('filter');`
`137`	`137`	`if (!is_null($field)) {`
`138`	`138`	`$filterTag->addChild($field, $value);`
	`139`	`+ $filterTag->{$field} = $value;`
`139`	`140`	`}`
`140`	`141`
`141`	`142`	`$response = $this->_client->request($packet, \PleskX\Api\Client::RESPONSE_FULL);`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ private function _get($field = null, $value = null)`
`53`	`53`
`54`	`54`	`$filterTag = $getTag->addChild('filter');`
`55`	`55`	`if (!is_null($field)) {`
`56`		`- $filterTag->addChild($field, $value);`
	`56`	`+ $filterTag->{$field} = $value;`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`$response = $this->_client->request($packet, \PleskX\Api\Client::RESPONSE_FULL);`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ public function create(array $properties)`
`21`	`21`
`22`	`22`	`unset($properties['site-id'], $properties['site-alias-id']);`
`23`	`23`	`foreach ($properties as $name => $value) {`
`24`		`- $info->addChild($name, $value);`
	`24`	`+ $info->{$name} = $value;`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`return new Struct\Info($this->_client->request($packet));`
`@@ -53,7 +53,7 @@ public function getAll($field = null, $value = null)`
`53`	`53`
`54`	`54`	`$filterTag = $getTag->addChild('filter');`
`55`	`55`	`if (!is_null($field)) {`
`56`		`- $filterTag->addChild($field, $value);`
	`56`	`+ $filterTag->{$field} = $value;`
`57`	`57`	`}`
`58`	`58`	`$getTag->addChild('template');`
`59`	`59`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ public function addUser($protectedDirectory, $login, $password)`
`83`	`83`
`84`	`84`	`$info->addChild('pd-id', $protectedDirectory->id);`
`85`	`85`	`$info->addChild('login', $login);`
`86`		`- $info->addChild('password', $password);`
	`86`	`+ $info->addChild('password', htmlspecialchars($password));`
`87`	`87`
`88`	`88`	`return new Struct\UserInfo($this->_client->request($packet));`
`89`	`89`	`}`
`@@ -114,6 +114,7 @@ private function _get($command, $field, $value)`
`114`	`114`	`$filterTag = $getTag->addChild('filter');`
`115`	`115`	`if (!is_null($field)) {`
`116`	`116`	`$filterTag->addChild($field, $value);`
	`117`	`+ $filterTag->{$field} = $value;`
`117`	`118`	`}`
`118`	`119`
`119`	`120`	`$response = $this->_client->request($packet, \PleskX\Api\Client::RESPONSE_FULL);`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ public function create(array $properties)`
`24`	`24`	`if (!is_scalar($value)) {`
`25`	`25`	`continue;`
`26`	`26`	`}`
`27`		`- $infoGeneral->addChild($name, $value);`
	`27`	`+ $infoGeneral->{$name} = $value;`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`// set hosting properties`
`@@ -33,7 +33,7 @@ public function create(array $properties)`
`33`	`33`	`foreach ($properties[static::PROPERTIES_HOSTING] as $name => $value) {`
`34`	`34`	`$propertyNode = $hostingNode->addChild('property');`
`35`	`35`	`$propertyNode->addChild('name', $name);`
`36`		`- $propertyNode->addChild('value', $value);`
	`36`	`+ $propertyNode->addChild('value', htmlspecialchars($value));`
`37`	`37`	`}`
`38`	`38`	`}`
`39`	`39`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ public function getAll($field = null, $value = null)`
`71`	`71`
`72`	`72`	`$filterTag = $getTag->addChild('filter');`
`73`	`73`	`if (!is_null($field)) {`
`74`		`- $filterTag->addChild($field, $value);`
	`74`	`+ $filterTag->{$field} = $value;`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`$response = $this->_client->request($packet, \PleskX\Api\Client::RESPONSE_FULL);`