Also avoid entity expansion in DOMAttr::$nodeValue

Author: tstarling

ext/dom/node.c

@@ -177,8 +177,11 @@ int dom_node_node_value_write(dom_object *obj, zval *newval)
 
 	/* Access to Element node is implemented as a convenience method */
 	switch (nodep->type) {
-		case XML_ELEMENT_NODE:
 		case XML_ATTRIBUTE_NODE:
+			dom_remove_all_children(nodep);
+			xmlAddChild(nodep, xmlNewTextLen((xmlChar *) ZSTR_VAL(str), ZSTR_LEN(str)));
+			break;
+		case XML_ELEMENT_NODE:
 			dom_remove_all_children(nodep);
 			ZEND_FALLTHROUGH;
 		case XML_TEXT_NODE:

ext/dom/tests/DOMAttr_entity_expansion.phpt

@@ -15,6 +15,13 @@ print $doc->saveXML($elt) . "\n";
 $attr->removeChild($attr->firstChild);
 print $doc->saveXML($elt) . "\n";
 
+$attr->nodeValue = '&';
+print $doc->saveXML($elt) . "\n";
+
+$attr->nodeValue = '&';
+print $doc->saveXML($elt) . "\n";
+
+$elt->removeAttributeNode($attr);
 $elt->setAttributeNS('http://www.w3.org/2000/svg', 'svg:id','&');
 print $doc->saveXML($elt) . "\n";
 
@@ -26,5 +33,7 @@ print $doc->saveXML($elt) . "\n";
 <elt a="&amp;"/>
 <elt a="&amp;amp;"/>
 <elt a=""/>
-<elt xmlns:svg="http://www.w3.org/2000/svg" a="" svg:id="&amp;amp;"/>
-<elt xmlns:svg="http://www.w3.org/2000/svg" a="" svg:id="&amp;lt;&amp;amp;"/>
+<elt a="&amp;"/>
+<elt a="&amp;amp;"/>
+<elt xmlns:svg="http://www.w3.org/2000/svg" svg:id="&amp;amp;"/>
+<elt xmlns:svg="http://www.w3.org/2000/svg" svg:id="&amp;lt;&amp;amp;"/>