I really hope you escape $_GET variables. D.
-----Original Message----- From: oxygen-user-bounces@oxygenxml.com [mailto:oxygen-user-bounces@oxygenxml.com] On Behalf Of Radu Coravu Sent: Thursday, November 24, 2011 10:45 AM To: oxygen-user@oxygenxml.com Subject: Re: [oXygen-user] more problems with xml-model processinginstruction
Hi Tara,
I made some tests with Oxygen 13.1 and the application seems to correctly unescape the entities in the xml-model value before passing the information to the validator.
In my test I used an XML file with the content:
<?xml-model href="http://devel-new.sync.ro/~test/testAmp.php?a=b&c=el3" type="application/xml" schematypens="http://www.w3.org/2001/XMLSchema"?> <root></root>
which used for validation a simple PHP script located on our web server with the content:
<?php echo "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema' elementFormDefault='qualified'> <xs:element name='root'> <xs:complexType> <xs:sequence> <xs:element name='"; echo $_GET["c"]; echo "'/> </xs:sequence> </xs:complexType> </xs:element> </xs:schema>"; ?>
So the PHP script returned a slightly different XML Schema depending on the value of the "c" GET parameter.
Changing the value of the "c" parameter directly in the XML changed the error received from the Xerces parser.
Could you give me a simple example which shows the problem on your side?
Regards, Radu
Radu Coravu <oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger http://www.oxygenxml.com
On 11/24/2011 5:29 AM, Tara Athan wrote:
In Oxygen 12.2& 13.1: If the value of the @href attribute of an xml-model processing instruction is a URL with query string, the ampersands in the query string must be replaced with& to avoid an error. This is as it should be.
BUT when the attribute value is then used to obtain the schema, it appears that the& entities are not converted back to&, leading to errors in resolving the URL.
Tara _______________________________________________ oXygen-user mailing list oXygen-user@oxygenxml.com http://www.oxygenxml.com/mailman/listinfo/oxygen-user
_______________________________________________ oXygen-user mailing list oXygen-user@oxygenxml.com http://www.oxygenxml.com/mailman/listinfo/oxygen-user
Dit bericht is afkomstig van De Telefoongids BV en uitsluitend bestemd voor de geadresseerde. Dit bericht kan vertrouwelijke informatie bevatten. Als u dit bericht per abuis hebt ontvangen, dan wordt u verzocht de afzender te informeren en het bericht en eventuele bijlagen te vernietigen. Communicatie via Internet is niet beveiligd. De Telefoongids BV aanvaardt geen aansprakelijkheid voor wijzigingen in de inhoud van het bericht en eventuele bijlagen, onrechtmatige openbaarmaking ervan jegens derden of schade als gevolg van gebruik van e-mailcommunicatie. De Telefoongids BV is gevestigd te Amsterdam (Handelregister nr. 27198207). ---------------------------------------------------------------------------------------------------------------------------- This message is sent from De Telefoongids BV and is intended only for use by the recipient. It may contain confidential information. If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments. Internet communications are not secure. De Telefoongids BV does not accept any liability for mutilations to the contents of this message and attachments thereto, if any, unlawful disclosure thereof to third parties, or damage resulting from the use of e-mail communications. De Telefoongids BV is a private limited company with its seat in Amsterdam (Trade Register no. 27198207).