XML escape for templateprocessor setValue #746

evotodi · 2016-02-26T21:22:47Z

PHPWord Version 0.12.0
Setting a value with an & in the string will cause Word to think the document is corrupt.

Add the below function to TemplateProcessor.php:
/**
* @param string $string
* @return string
*/
private function xmlEscape($string) {
return str_replace(array('&', '<', '>', '\'', '"'), array('&', '<', '>', ''', '"'), $string);
}

Add this to the first line of public function setValue in TemplateProcessor.php:
$replace = $this->xmlEscape($replace);

The text was updated successfully, but these errors were encountered:

pv451 · 2016-03-06T08:03:29Z

Actually you may just call setValue as it done in samples setValue('some',htmlspecialchars($some));

ghost · 2016-07-09T07:33:55Z

#671 (comment).

SadPencil · 2017-09-10T06:48:22Z

@pv451 I don't agree. Take an example, ￠£¥€§©®™×÷
these character shouldn't be converted to html entities.
Only "'&<> should be converted.
htmlentities() is not suitable. str_replace()is better.

ghost added Change Request Open XML (Word 2007+) Template Processor labels Jul 9, 2016

ghost added this to the v0.13.0 milestone Jul 9, 2016

ghost self-assigned this Jul 9, 2016

ghost closed this as completed Jul 9, 2016

SadPencil unassigned ghost Sep 10, 2017

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

XML escape for templateprocessor setValue #746

XML escape for templateprocessor setValue #746

evotodi commented Feb 26, 2016

pv451 commented Mar 6, 2016

ghost commented Jul 9, 2016

SadPencil commented Sep 10, 2017

XML escape for templateprocessor setValue #746

XML escape for templateprocessor setValue #746

Comments

evotodi commented Feb 26, 2016

pv451 commented Mar 6, 2016

ghost commented Jul 9, 2016

SadPencil commented Sep 10, 2017