DOMXPath::quote(string $str): string

[divinity76]

method to quote strings in XPath,
similar to PDO::quote() / mysqli::real_escape_string()

sample usage:

$xp->query("//span[contains(text()," . $xp->quote($string) . ")]")

some variant of this is useful in HTML scraping scenarios.

the algorithm is derived from Robert Rossney's research into XPath quoting published at https://stackoverflow.com/a/1352556/1067003 (but using an improved implementation I wrote myself, originally for chrome-php/chrome#575 )

[nielsdos]

Thanks for this patch! I just have some minor comments, it looks mostly good.
I think it's a useful addition that makes a lot of sense.

[nielsdos]

2 more minor things and then it's good!
Thanks for your work.

[Girgias]

I wonder if it makes sense trying to add this to the fuzzer to see if it finds differences in behaviour?

[divinity76]

don't know what fuzzer you're talking about, but sounds good because if there is any difference, it's probably a bug in the C version 👍

[nielsdos]

We could fuzz this, but it will be a bit cumbersome to write a specific driver for this. We could ask ourselves whether we want to do it generalised for all these kinds of quoting methods.

[nielsdos]

Looks good, tests pass. Tonight I will throw this in a fuzzer to find crashes and merge it if it's fine. Thanks for your work!

[nielsdos]

I've let it fuzz to search for crashes for a while now. It tried about 23 million cases and all seems good.

If anyone is interested, here's the fuzz harness: https://gist.github.com/nielsdos/44981a753808129b0222f3ef28429c69
Compile & run with: clang tmp.c -O1 -g -o ./tmp -I./main -I./Zend -I. -I./TSRM -fsanitize=fuzzer,address && ./tmp

Basically, I just copied the function's code and made some wrappers for necessary functionality or copied some stuff over from the Zend code into the harness. That way I can run it without having to start the interpreter, which is easier.