TemplateProcessor bug on SetValue with "&"

[samuel-lujan]

Describe the Bug

When I'm using the TemplateProcessor to change some values on my docx template and the value that I'll set on the place at the ${varaiable} has the char & it brokes the document

Steps to Reproduce

Please provide a code sample that reproduces the issue.

<?php
require __DIR__ . '/vendor/autoload.php';

$phpWord = new \PhpOffice\PhpWord\PhpWord();

$template = public_path('files/mytemplate.docx');

$word = new TemplateProcessor($template);


$word->setValue('company_name', "Geat&Greater");

Expected Behavior

on the document that I save on my folder it was expected to be with the company name Geat&Greater

Context

Please fill in your environment information:

• PHP Version: 8.1
• PHPWord Version: "phpoffice/phpword": "^0.18.3",
• Laravel 9

[samuel-lujan]

error on open some "corrupted file" generated by the lib, on version 0.18.3 and 1.1

[thomasb88]

setValue change the data in the xml files of the Word File.
You should replace & by the corresponding xml entity, that is to say
&
I would say.
I guess it should be automatized for all specific xml entities in TemplateProcessor.php

[thomasb88]

It seems its should be done in the code there

if (Settings::isOutputEscapingEnabled()) {
$xmlEscaper = new Xml();
$replace = $xmlEscaper->escape($replace);
}

but it seems to be false by default...

[thomasb88]

So i would try
Settings::setOutputEscapingEnabled(true);

[samuel-lujan]

Pretty good my friend this solved My BUG! :)

[thomasb88]

You're welcome -)