Bug #12622

Reserved characters in site title are not escaped in OAI response; cause errors in Identify OAI response

Added by Dan Gillean over 3 years ago. Updated over 3 years ago.

Status:VerifiedStart date:12/07/2018
Priority:MediumDue date:
Assignee:-% Done:


Target version:Release 2.5.0
Google Code Legacy ID: Tested version:2.4, 2.5
Sponsored:No Requires documentation:


First reported via GitHub by Paul Collins, staff at the Mills Archive - https://github.com/artefactual/atom/issues/803
Reproduced locally in qa/2.5.x

To reproduce

  • Navigate to Admin > Settings > Site information and change your site title to something that includes a reserved character in XML (e.g. < & > ) - for example, "Demo & Testing" - and save
  • Navigate to Admin > Plugins and make sure the arOaiPlugin is enabled, and save
  • If necessary, navigate back to Admin > Settings and configure the OAI repository setting and save
  • Enter the query for the Identify OAI verb - for example:;oai?verb=Identify

Resulting error

  • ampersand and angle bracket characters are not properly escaped in the OAI response
  • The site title causes an error that prevents the Identify response from loading correctly:
This page contains the following errors:
error on line 6 at column 27: xmlParseEntityRef: no name

Below is a rendering of the page up to the first error.

2018-12-07T21:14:21Z;oai Demo 

Expected result

  • AtoM should escape reserved characters before including them in the OAI response
  • A site title that includes an ampersand should not cause the OAI responses to fail


#1 Updated by Mike Cantelon over 3 years ago

  • Assignee set to Mike Cantelon

#2 Updated by Mike Cantelon over 3 years ago

  • Status changed from New to Code Review
  • Assignee deleted (Mike Cantelon)

#3 Updated by Steve Breker over 3 years ago

  • Status changed from Code Review to Feedback
  • Assignee set to Mike Cantelon

CR complete - Looks great!

#4 Updated by Mike Cantelon over 3 years ago

  • Status changed from Feedback to QA/Review
  • Assignee changed from Mike Cantelon to Dan Gillean

Thanks Steve!

Merged into qa/2.5.x for QA.

#5 Updated by Dan Gillean over 3 years ago

  • Status changed from QA/Review to Verified
  • Assignee deleted (Dan Gillean)
  • Target version set to Release 2.5.0

Works! Thanks!

Also available in: Atom PDF