Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-29712

The REST web service creates invalid XML by encoding HTML entities

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.6, 2.1, 2.2
    • Fix Version/s: 2.0.7, 2.1.4, 2.2.1
    • Component/s: Web Services
    • Labels:
      None
    • Testing Instructions:
      Hide

      Edit the user linked to the token and set the first name as Noël. Enable mobile web service and also the REST protocol.

      Use the Javascript-REST demo client (https://github.com/moodlehq/sample-ws-clients/tree/master/JAVASCRIPT-REST) and change these lines:

      var functionname = 'moodle_webservice_get_siteinfo';
      
      // ....
      
      var data = {
          wstoken: token,
          wsfunction: functionname,
          moodlewsrestformat: 'xml'
      }
      
      var response = $.ajax(
                            {   type: 'POST',
                                data: data,
                                dataType: 'text',
                                url: serverurl,
                                success: function(data) { 
                                     console.log('Parsed data');
                                     data = $.parseXML(data); 
                                     console.log(data);
                                }
                             }
                            );
      

      In firebug: no JS errors (mainly an xml parsing error) should appeared. You should be able to see the resulting XML in your JS logs.

      For 2.0 testing you'll have to create your own service and use moodle_user_get_users_by_id ws function. You'll also have to change these lines:

      var functionname = 'moodle_user_get_users_by_id';
      
      // ...
      
      var users = ['2'];
      
      var data = {
          wstoken: token,
          wsfunction: functionname,
                      userids: users
      }
      
      var response = $.ajax(
                            {   type: 'POST',
                                data: data,
                                dataType: 'text',
                                url: serverurl,
                                success: function(data) { 
                                     console.log('Parsed data');
                                     data = $.parseXML(data); 
                                     console.log(data);
                                }
                             }
                            );
      
      Show
      Edit the user linked to the token and set the first name as Noël. Enable mobile web service and also the REST protocol. Use the Javascript-REST demo client ( https://github.com/moodlehq/sample-ws-clients/tree/master/JAVASCRIPT-REST ) and change these lines: var functionname = 'moodle_webservice_get_siteinfo'; // .... var data = { wstoken: token, wsfunction: functionname, moodlewsrestformat: 'xml' } var response = $.ajax( { type: 'POST', data: data, dataType: 'text', url: serverurl, success: function(data) { console.log('Parsed data'); data = $.parseXML(data); console.log(data); } } ); In firebug: no JS errors (mainly an xml parsing error) should appeared. You should be able to see the resulting XML in your JS logs. For 2.0 testing you'll have to create your own service and use moodle_user_get_users_by_id ws function. You'll also have to change these lines: var functionname = 'moodle_user_get_users_by_id'; // ... var users = ['2']; var data = { wstoken: token, wsfunction: functionname, userids: users } var response = $.ajax( { type: 'POST', data: data, dataType: 'text', url: serverurl, success: function(data) { console.log('Parsed data'); data = $.parseXML(data); console.log(data); } } );
    • Workaround:
      Hide

      For javascript client using jquery:

      $.ajax({
      type: "POST",
      url: siteurl+"/webservice/rest/server.php?wstoken="+mytoken,
      data: data,
      dataType: 'text',
      dataFilter: function(data, dataType)

      { // XML returned by Moodle is not well parsed data = data.replace(/\<VALUE\>/gi,'<VALUE><![CDATA[').replace(/\<\/VALUE\>/gi,']]></VALUE>'); data = data.replace(/\<MESSAGE\>/gi,'<MESSAGE><![CDATA[').replace(/\<\/MESSAGE\>/gi,']]></MESSAGE>'); return data; }

      ,
      success: function(data)

      { ....data = $.parseXML(data); // }

      });

      Show
      For javascript client using jquery: $.ajax({ type: "POST", url: siteurl+"/webservice/rest/server.php?wstoken="+mytoken, data: data, dataType: 'text', dataFilter: function(data, dataType) { // XML returned by Moodle is not well parsed data = data.replace(/\<VALUE\>/gi,'<VALUE><![CDATA[').replace(/\<\/VALUE\>/gi,']]></VALUE>'); data = data.replace(/\<MESSAGE\>/gi,'<MESSAGE><![CDATA[').replace(/\<\/MESSAGE\>/gi,']]></MESSAGE>'); return data; } , success: function(data) { ....data = $.parseXML(data); // } });
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull Master Branch:

      Description

      The XML output produced by the REST web service converts all applicable characters to HTML entities. Most of these entities are not defined in XML and if they are in output of the REST web service function that output is not valid XML.

      In /webservice/rest/locallib.php in the xmlize_result() function all values in the output are filtered through the php htmlentities() function. Instead use the php htmlspecialchars function to only convert these characters – & < > " ' – to html entities.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  3 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    9/Jan/12