Merge pull request #4540 from oleibman/issue4537

Don't Use htmlspecialchars When Formatting Xml

Author: oleibman

CHANGELOG.md

@@ -29,6 +29,7 @@ and this project adheres to [Semantic Versioning](https://semver.org).
 
 ### Fixed
 
+- Do not use htmlspecialchars when formatting XML. [Issue #4537](https://github.com/PHPOffice/PhpSpreadsheet/issues/4537) [PR #4540](https://github.com/PHPOffice/PhpSpreadsheet/pull/4540)
 - Writer Html/Pdf support RTL alignment of tables. [Issue #1104](https://github.com/PHPOffice/PhpSpreadsheet/issues/1104) [PR #4535](https://github.com/PHPOffice/PhpSpreadsheet/pull/4535)
 - Xlsx Reader use dynamic arrays if spreadsheet did so. [PR #4533](https://github.com/PHPOffice/PhpSpreadsheet/pull/4533)
 - Ods Reader Nested table-row. [Issue #4528](https://github.com/PHPOffice/PhpSpreadsheet/issues/4528) [Issue #2507](https://github.com/PHPOffice/PhpSpreadsheet/issues/2507) [PR #4531](https://github.com/PHPOffice/PhpSpreadsheet/pull/4531)

src/PhpSpreadsheet/Shared/XMLWriter.php

@@ -91,6 +91,6 @@ public function writeRawData($rawTextData): bool
             $rawTextData = implode("\n", $rawTextData);
         }
 
-        return $this->writeRaw(htmlspecialchars($rawTextData ?? ''));
+        return $this->text($rawTextData ?? '');
     }
 }

src/PhpSpreadsheet/Writer/Xlsx/Worksheet.php

@@ -10,7 +10,6 @@
 use PhpOffice\PhpSpreadsheet\Cell\DataType;
 use PhpOffice\PhpSpreadsheet\Reader\Xlsx\Namespaces;
 use PhpOffice\PhpSpreadsheet\RichText\RichText;
-use PhpOffice\PhpSpreadsheet\Settings;
 use PhpOffice\PhpSpreadsheet\Shared\StringHelper;
 use PhpOffice\PhpSpreadsheet\Shared\XMLWriter;
 use PhpOffice\PhpSpreadsheet\Style\Conditional;
@@ -1440,10 +1439,7 @@ private function writeCellInlineStr(XMLWriter $objWriter, string $mappedType, Ri
             $objWriter->writeElement(
                 't',
                 StringHelper::controlCharacterPHP2OOXML(
-                    htmlspecialchars(
-                        $cellValue,
-                        Settings::htmlEntityFlags()
-                    )
+                    $cellValue
                 )
             );
             $objWriter->endElement();

tests/PhpSpreadsheetTests/Writer/Ods/Issue4537Test.php

@@ -0,0 +1,64 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Ods;
+
+use PhpOffice\PhpSpreadsheet\Cell\DataType;
+use PhpOffice\PhpSpreadsheet\Reader\Ods as OdsReader;
+use PhpOffice\PhpSpreadsheet\RichText\RichText;
+use PhpOffice\PhpSpreadsheet\RichText\TextElement;
+use PhpOffice\PhpSpreadsheet\Shared\File;
+use PhpOffice\PhpSpreadsheet\Spreadsheet;
+use PhpOffice\PhpSpreadsheet\Writer\Ods as OdsWriter;
+use PHPUnit\Framework\TestCase;
+
+class Issue4537Test extends TestCase
+{
+    private string $outputFilename = '';
+
+    protected function tearDown(): void
+    {
+        if ($this->outputFilename !== '') {
+            unlink($this->outputFilename);
+            $this->outputFilename = '';
+        }
+    }
+
+    public function testBackgroundImage(): void
+    {
+        $this->outputFilename = File::temporaryFilename();
+        $testString = "\"He\": '<?>'";
+        $spreadsheet = new Spreadsheet();
+        $sheet = $spreadsheet->getActiveSheet();
+        $sheet->getCell('A1')->setValueExplicit($testString, DataType::TYPE_INLINE);
+        $sheet->getCell('A2')->setValue($testString);
+        $richText = new RichText();
+        $richText->addText(new TextElement($testString));
+        $sheet->getCell('A3')->setValue($richText);
+        $writer = new OdsWriter($spreadsheet);
+        $writer->save($this->outputFilename);
+        $spreadsheet->disconnectWorksheets();
+
+        $reader = new OdsReader();
+        $reloadedSpreadsheet = $reader->load($this->outputFilename);
+        $rsheet = $reloadedSpreadsheet->getActiveSheet();
+        self::assertSame($testString, $rsheet->getCell('A1')->getValueString());
+        self::assertSame($testString, $rsheet->getCell('A2')->getValueString());
+        self::assertSame($testString, $rsheet->getCell('A3')->getValueString());
+        $reloadedSpreadsheet->disconnectWorksheets();
+
+        $file = 'zip://';
+        $file .= $this->outputFilename;
+        $file .= '#content.xml';
+        $data = file_get_contents($file);
+        // expected does not escape apostrophes
+        $expected = '<text:p>&quot;He&quot;: \'&lt;?&gt;\'</text:p>';
+        if ($data === false) {
+            self::fail('Unable to read content file');
+        } else {
+            $count = substr_count($data, $expected);
+            self::assertSame(3, $count);
+        }
+    }
+}

tests/PhpSpreadsheetTests/Writer/Xlsx/Issue4537Test.php

@@ -0,0 +1,76 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Xlsx;
+
+use PhpOffice\PhpSpreadsheet\Cell\DataType;
+use PhpOffice\PhpSpreadsheet\Reader\Xlsx as XlsxReader;
+use PhpOffice\PhpSpreadsheet\RichText\RichText;
+use PhpOffice\PhpSpreadsheet\RichText\TextElement;
+use PhpOffice\PhpSpreadsheet\Shared\File;
+use PhpOffice\PhpSpreadsheet\Spreadsheet;
+use PhpOffice\PhpSpreadsheet\Writer\Xlsx as XlsxWriter;
+use PHPUnit\Framework\TestCase;
+
+class Issue4537Test extends TestCase
+{
+    private string $outputFilename = '';
+
+    protected function tearDown(): void
+    {
+        if ($this->outputFilename !== '') {
+            unlink($this->outputFilename);
+            $this->outputFilename = '';
+        }
+    }
+
+    public function testBackgroundImage(): void
+    {
+        $this->outputFilename = File::temporaryFilename();
+        $testString = "\"He\": '<?>'";
+        $spreadsheet = new Spreadsheet();
+        $sheet = $spreadsheet->getActiveSheet();
+        $sheet->getCell('A1')->setValueExplicit($testString, DataType::TYPE_INLINE);
+        $sheet->getCell('A2')->setValue($testString);
+        $richText = new RichText();
+        $richText->addText(new TextElement($testString));
+        $sheet->getCell('A3')->setValue($richText);
+        $writer = new XlsxWriter($spreadsheet);
+        $writer->save($this->outputFilename);
+        $spreadsheet->disconnectWorksheets();
+
+        $reader = new XlsxReader();
+        $reloadedSpreadsheet = $reader->load($this->outputFilename);
+        $rsheet = $reloadedSpreadsheet->getActiveSheet();
+        self::assertSame($testString, $rsheet->getCell('A1')->getValueString());
+        self::assertSame($testString, $rsheet->getCell('A2')->getValueString());
+        self::assertSame($testString, $rsheet->getCell('A3')->getValueString());
+        $reloadedSpreadsheet->disconnectWorksheets();
+
+        $file = 'zip://';
+        $file .= $this->outputFilename;
+        $file .= '#xl/worksheets/sheet1.xml';
+        $data = file_get_contents($file);
+        // expected, and expected1/2 below, do not escape apostrophes
+        $expected = 't="inlineStr"><is><t>&quot;He&quot;: \'&lt;?&gt;\'</t></is>';
+        if ($data === false) {
+            self::fail('Unable to read worksheets file');
+        } else {
+            self::assertStringContainsString($expected, $data, 'inline string');
+        }
+
+        $file = 'zip://';
+        $file .= $this->outputFilename;
+        $file .= '#xl/sharedStrings.xml';
+        $data = file_get_contents($file);
+        $expected1 = '<t>&quot;He&quot;: \'&lt;?&gt;\'</t>';
+        $expected2 = '<t xml:space="preserve">&quot;He&quot;: \'&lt;?&gt;\'</t>';
+        if ($data === false) {
+            self::fail('Unable to read sharedStrings file');
+        } else {
+            self::assertStringContainsString($expected1, $data, 'string');
+            self::assertStringContainsString($expected2, $data, 'rich text');
+        }
+    }
+}