I've run into a problem which I'm not sure how to sort out. I would like to create the following title (as in title in the html head) shown in browsers for my page:

Wolle & Co.

"Wolle & Co." would be the actual title of my page and should be inserted using $page-title, so this would leave me with something like this:

<title><xsl:value-of select="$page-title" /></title>

The problem:

  • I can't enter a non-encoded ampersand (&) in my page title, as then the page can't be rendered due to the following XSLT processing error: loadXML(): xmlParseEntityRef: no name in Entity
  • I can't enter an encoded ampersand (&#38;), as then the &-part is encoded again when calling the $page-title in the XSL, leaving me with &amp;#38; in my source code.

Thanks for your help!

Hmm, odd. The ampersands should be automatically converted to &amp; (or hex/dec equivalent) automatically so that the system won't throw an error.

Well … strangely, the ampersand in &#38; actually seems to be converted to &amp;, but not just a single ampersand on its own. What to do?

I verified that you can even put your whole website down using an unencoded ampersand in a page title. The error will occur on every page because of the unencoded ampersand in the navigation XML.

loadXML(): xmlParseEntityRef: no name in Entity, line: 321

Ill look into it and get some instructions for fixing it shortly.

As the site is live now, I've set up a little workaround directly in my xsl-file:

        <xsl:when test="contains($page-title, '&amp;#38;')">
            <xsl:value-of select="substring-before($page-title, '&amp;#38;')" />
            <xsl:value-of select="substring-after($page-title, '&amp;#38;')" />
            <xsl:value-of select="$page-title" />

It's not especially elegant, but it does the job for now.

Apologies, I have made the fix and made it available via the rev5 git repository. The culprit was in the Navigation DS file, where it was not sanitizing the page names before injecting them into the XML. Line 56 of symphony/lib/toolkit/data-sources/datasource.navigation.php should be:

$oPage->appendChild(new XMLElement('name', General::sanitize($page['title'])));

The changed file can be viewed at:

Replace the contents of symphony/lib/toolkit/data-sources/datasource.navigation.php with the contents of the link above.

Aah, this is better! Wonderful – thanks a lot.

I have seen that the "child page ordering" patch which has been described on the bug tracker is not in the file provided by Alistair. So if you patched you navigation DS file manually before, you should rather apply the new patch manually!

Question: Which version of Symphony is provided at github?

Nils: rev5. Looks like there's also a branch for 1.7. See:

@michael-e: I have added the fix to the git repo

@Nils & cenazoic: I have named it a little better. "Symphony CMS" should really always been "Symphony 2" I think. Please update your clones/forks config to point to git:// instead.

I should add, remember that Symphony 2 is open source. So, if you want to make fixes, please do. You'll need to fork the main repository, make your change then issue us a pull request. This can all be done via the github interface.

hey alistair, i’m seeing this issue in a 2.0.4 build, but the site had been upgraded from v2rev5. i think this is due to the fact that I made that field before you submitted your updates, but I am seeing what you have outlined at line 56 in the DS file. How can i solve this issue while preserving existing information?


Other than upgrading to 2.0.6? ;-)

What field type are you seeing this error with? If it is a text field then take a look at /symphony/lib/toolkit/fields/field.input.php and find the appendFormattedElement function. This is where the XML for this field is built, and probably where encoding can take place.

I’m running into this error. I have a Data Source that is including a field from a section through a Select Box Link and the value-of this field is not being sanitized. I’m not even sure where to begin fixing this.

selectbox_link_field had a ternary conditional operator in its appendFormattedElement function that determined whether or not General::sanitize($value) took place. I just made it to where the sanitization always happened and all is well.

I think this is a known bug, so should be fixed in a future update.

@hoopy: I just wondered which line did you edit from field.selectbox_link.php file as I have the same issue, thanks.

I tried setting $encode=true but with no luck.

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details