Bug #12622

Reserved characters in site title are not escaped in OAI response; cause errors in Identify OAI response

Added by Dan Gillean 6 months ago. Updated 5 months ago.

Status:VerifiedStart date:12/07/2018
Priority:MediumDue date:
Assignee:-% Done:

0%

Category:OAI-PMH
Target version:Release 2.5.0
Google Code Legacy ID: Tested version:2.4, 2.5
Sponsored:No Requires documentation:

Description

First reported via GitHub by Paul Collins, staff at the Mills Archive - https://github.com/artefactual/atom/issues/803
Reproduced locally in qa/2.5.x

To reproduce

  • Navigate to Admin > Settings > Site information and change your site title to something that includes a reserved character in XML (e.g. < & > ) - for example, "Demo & Testing" - and save
  • Navigate to Admin > Plugins and make sure the arOaiPlugin is enabled, and save
  • If necessary, navigate back to Admin > Settings and configure the OAI repository setting and save
  • Enter the query for the Identify OAI verb - for example:
http://10.10.10.10/;oai?verb=Identify

Resulting error

  • ampersand and angle bracket characters are not properly escaped in the OAI response
  • The site title causes an error that prevents the Identify response from loading correctly:
This page contains the following errors:
error on line 6 at column 27: xmlParseEntityRef: no name

Below is a rendering of the page up to the first error.

2018-12-07T21:14:21Z http://10.10.10.10/;oai Demo 

Expected result

  • AtoM should escape reserved characters before including them in the OAI response
  • A site title that includes an ampersand should not cause the OAI responses to fail

History

#1 Updated by Mike Cantelon 6 months ago

  • Assignee set to Mike Cantelon

#2 Updated by Mike Cantelon 6 months ago

  • Status changed from New to Code Review
  • Assignee deleted (Mike Cantelon)

#3 Updated by Steve Breker 5 months ago

  • Status changed from Code Review to Feedback
  • Assignee set to Mike Cantelon

CR complete - Looks great!

#4 Updated by Mike Cantelon 5 months ago

  • Status changed from Feedback to QA/Review
  • Assignee changed from Mike Cantelon to Dan Gillean

Thanks Steve!

Merged into qa/2.5.x for QA.

#5 Updated by Dan Gillean 5 months ago

  • Status changed from QA/Review to Verified
  • Assignee deleted (Dan Gillean)
  • Target version set to Release 2.5.0

Works! Thanks!

Also available in: Atom PDF