thanks for answering! This is about PHP/MySQL
The user enters some text that is then processed through htmlentities()
:
$new_userinput = htmlentities($userinput, ENT_QUOTES);
This entry is stored in an XML:
...
<entrylist>
<list>$new_userinput</list>
<info>$someinfo</info>
</entrylist>
...
The xml file is stored in a database in UTF-8 format. The HTML for the site is also set with UTF-8.
What we observed is with a specific input, the xml being processed by:
$p = xml_parser_create();
xml_parse_into_struct($p, $xmlentry, $values, $index);
xml_parser_free($p);`
is not processed properly by the xml_parse_into_struct()
.
What we see in the database is the following:
...
<note>Creatives share shots—small screenshots.</note>
...