Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-29712

The REST web service creates invalid XML by encoding HTML entities

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.6, 2.1, 2.2
    • 2.0.7, 2.1.4, 2.2.1
    • Web Services
    • None
    • MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Hide

      For javascript client using jquery:

      $.ajax({
      type: "POST",
      url: siteurl+"/webservice/rest/server.php?wstoken="+mytoken,
      data: data,
      dataType: 'text',
      dataFilter: function(data, dataType)

      { // XML returned by Moodle is not well parsed data = data.replace(/\<VALUE\>/gi,'<VALUE><![CDATA[').replace(/\<\/VALUE\>/gi,']]></VALUE>'); data = data.replace(/\<MESSAGE\>/gi,'<MESSAGE><![CDATA[').replace(/\<\/MESSAGE\>/gi,']]></MESSAGE>'); return data; }

      ,
      success: function(data)

      { ....data = $.parseXML(data); // }

      });

      Show
      For javascript client using jquery: $.ajax({ type: "POST", url: siteurl+"/webservice/rest/server.php?wstoken="+mytoken, data: data, dataType: 'text', dataFilter: function(data, dataType) { // XML returned by Moodle is not well parsed data = data.replace(/\<VALUE\>/gi,'<VALUE><![CDATA[').replace(/\<\/VALUE\>/gi,']]></VALUE>'); data = data.replace(/\<MESSAGE\>/gi,'<MESSAGE><![CDATA[').replace(/\<\/MESSAGE\>/gi,']]></MESSAGE>'); return data; } , success: function(data) { ....data = $.parseXML(data); // } });
    • Hide

      Edit the user linked to the token and set the first name as Noël. Enable mobile web service and also the REST protocol.

      Use the Javascript-REST demo client (https://github.com/moodlehq/sample-ws-clients/tree/master/JAVASCRIPT-REST) and change these lines:

       
      var functionname = 'moodle_webservice_get_siteinfo';
       
      // ....
       
      var data = {
          wstoken: token,
          wsfunction: functionname,
          moodlewsrestformat: 'xml'
      }
       
      var response = $.ajax(
                            {   type: 'POST',
                                data: data,
                                dataType: 'text',
                                url: serverurl,
                                success: function(data) { 
                                     console.log('Parsed data');
                                     data = $.parseXML(data); 
                                     console.log(data);
                                }
                             }
                            );

      In firebug: no JS errors (mainly an xml parsing error) should appeared. You should be able to see the resulting XML in your JS logs.

      For 2.0 testing you'll have to create your own service and use moodle_user_get_users_by_id ws function. You'll also have to change these lines:

       
      var functionname = 'moodle_user_get_users_by_id';
       
      // ...
       
      var users = ['2'];
       
      var data = {
          wstoken: token,
          wsfunction: functionname,
                      userids: users
      }
       
      var response = $.ajax(
                            {   type: 'POST',
                                data: data,
                                dataType: 'text',
                                url: serverurl,
                                success: function(data) { 
                                     console.log('Parsed data');
                                     data = $.parseXML(data); 
                                     console.log(data);
                                }
                             }
                            );

      Show
      Edit the user linked to the token and set the first name as Noël. Enable mobile web service and also the REST protocol. Use the Javascript-REST demo client ( https://github.com/moodlehq/sample-ws-clients/tree/master/JAVASCRIPT-REST ) and change these lines:   var functionname = 'moodle_webservice_get_siteinfo';   // ....   var data = { wstoken: token, wsfunction: functionname, moodlewsrestformat: 'xml' }   var response = $.ajax( { type: 'POST', data: data, dataType: 'text', url: serverurl, success: function(data) { console.log('Parsed data'); data = $.parseXML(data); console.log(data); } } ); In firebug: no JS errors (mainly an xml parsing error) should appeared. You should be able to see the resulting XML in your JS logs. For 2.0 testing you'll have to create your own service and use moodle_user_get_users_by_id ws function. You'll also have to change these lines:   var functionname = 'moodle_user_get_users_by_id';   // ...   var users = ['2'];   var data = { wstoken: token, wsfunction: functionname, userids: users }   var response = $.ajax( { type: 'POST', data: data, dataType: 'text', url: serverurl, success: function(data) { console.log('Parsed data'); data = $.parseXML(data); console.log(data); } } );

    Description

      The XML output produced by the REST web service converts all applicable characters to HTML entities. Most of these entities are not defined in XML and if they are in output of the REST web service function that output is not valid XML.

      In /webservice/rest/locallib.php in the xmlize_result() function all values in the output are filtered through the php htmlentities() function. Instead use the php htmlspecialchars function to only convert these characters – & < > " ' – to html entities.

      Attachments

        Issue Links

          Activity

            People

              jerome Jérôme Mouneyrac
              tcubanski Tom Cubanski
              Sam Hemelryk Sam Hemelryk
              Rajesh Taneja Rajesh Taneja
              Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Sara Arjona (@sarjona)
              Votes:
              3 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Jan/12