Merge branch 'hotfix/21'

Close #21

Author: weierophinney

CHANGELOG.md

@@ -29,6 +29,10 @@ Versions 0.3.0 and prior were released as "weierophinney/problem-details".
   aspect of the payload. When these values are encountered, the response factory
   now will instead return `Resource of type {resource type}`.
 
+- [#21](https://github.com/zendframework/zend-problem-details/pull/21) provides
+  a defence for `$additional` data keys that would otherwise create malformed
+  XML tag names.
+
 ## 0.5.0 - 2017-10-09
 
 ### Added

src/ProblemDetailsResponseFactory.php

@@ -289,12 +289,40 @@ protected function generateJsonResponse(array $payload) : ResponseInterface
         );
     }
 
+    /**
+     * Ensure all keys in this associative array are valid XML tag names by replacing invalid
+     * characters with an `_`.
+     */
+    private function cleanKeysForXml(array $input): array
+    {
+        $return = [];
+        foreach ($input as $key => $value) {
+            $startCharacterPattern =
+                '[A-Z]|_|[a-z]|[\xC0-\xD6]|[\xD8-\xF6]|[\xF8-\x{2FF}]|[\x{370}-\x{37D}]|[\x{37F}-\x{1FFF}]|'
+                . '[\x{200C}-\x{200D}]|[\x{2070}-\x{218F}]|[\x{2C00}-\x{2FEF}]|[\x{3001}-\x{D7FF}]|[\x{F900}-\x{FDCF}]'
+                . '|[\x{FDF0}-\x{FFFD}]';
+            $characterPattern = $startCharacterPattern . '|\-|\.|[0-9]|\xB7|[\x{300}-\x{36F}]|[\x{203F}-\x{2040}]';
+
+            $key = preg_replace('/(?!'.$characterPattern.')./u', '_', $key);
+            $key = preg_replace('/^(?!'.$startCharacterPattern.')./u', '_', $key);
+
+            if (is_array($value)) {
+                $value = $this->cleanKeysForXml($value);
+            }
+            $return[$key] = $value;
+        }
+        return $return;
+    }
+
     protected function generateXmlResponse(array $payload) : ResponseInterface
     {
         // Ensure any objects are flattened to arrays first
         $content = json_decode(json_encode($payload), true);
 
-        $converter = new ArrayToXml($content, 'problem');
+        // ensure all keys are valid XML can be json_encoded
+        $cleanedContent = $this->cleanKeysForXml($content);
+
+        $converter = new ArrayToXml($cleanedContent, 'problem');
         $dom = $converter->toDom();
         $root = $dom->firstChild;
         $root->setAttribute('xmlns', 'urn:ietf:rfc:7807');

test/ProblemDetailsResponseFactoryTest.php

@@ -105,6 +105,48 @@ public function testCreateResponseFromThrowableCreatesExpectedTypeWithExtraInfor
         $this->assertArrayHasKey('exception', $payload);
     }
 
+    /**
+     * @dataProvider acceptHeaders
+     */
+    public function testCreateResponseRemovesInvalidCharactersFromXmlKeys(string $header, string $expectedType) : void
+    {
+        $this->request->getHeaderLine('Accept')->willReturn($header);
+
+        $additional = [
+            'foo' => [
+                'A#-' => 'foo',
+                '-A-' => 'foo',
+                '#B-' => 'foo',
+            ],
+        ];
+
+        $response = $this->factory->createResponse(
+            $this->request->reveal(),
+            500,
+            'Unknown error occurred',
+            'Title',
+            'Type',
+            $additional
+        );
+
+        $this->assertInstanceOf(ResponseInterface::class, $response);
+        $this->assertEquals($expectedType, $response->getHeaderLine('Content-Type'));
+
+        $payload = $this->getPayloadFromResponse($response);
+
+        if (stripos($expectedType, 'xml')) {
+            $expectedKeyNames = [
+                'A_-',
+                '_A-',
+                '_B-',
+            ];
+        } else {
+            $expectedKeyNames = array_keys($additional['foo']);
+        }
+
+        $this->assertEquals(array_keys($payload['foo']), $expectedKeyNames);
+    }
+
     public function testCreateResponseFromThrowableWillPullDetailsFromProblemDetailsExceptionInterface() : void
     {
         $e = $this->prophesize(RuntimeException::class)->willImplement(ProblemDetailsExceptionInterface::class);