Description
@MonerisSolutions
I find a critical bug within mpgResponse class.
The XML parser "failed" on identifying special XML entity character '&'. For example, we expect
<ACSUrl>https://host/path?item1=1&item2=2</ACSUrl>to be parsed as:
['ACSUrl' => 'https://host/path?item1=1&item2=2']However, the actual outcome is:
['ACSUrl' => 'item2=2']The cause of this bug is within method mpgResponse::characterHandler($parser, $data)
Due to '&' as an special XML entity character, the 'data node':
https://host/path?item1=1&item2=2
is tokenized into 3 separate fields:
https://host/path?item1=1
&
item2=2
It means mpgResponse::characterHandler would be invoked three times by php xml parser although the currentTag remain unchanged across these 3 times function calls.
Near the end of mpgResponse::characterHandler, there is a statement
$this->responseData[$this->currentTag] = $data;
So, the later tokenized string will overwrite the previous one. This explain the bug.
In fact, all 5 special xml entity characters will cause this bug.
Thus, I propose to concatenate the tokenized data string instead
$this->responseData[$this->currentTag] .= $data;