Bug: DOMDocument::createElement() warning with ampersands in concentration names/descriptions #31

@kenwilliams-nu

Description
When concentration names or descriptions contain an ampersand (&), PHP throws a warning due to invalid XML entity references when building DOM elements.

PHP Warning:  DOMDocument::createElement(): unterminated entity reference Technology in
/nas/content/live/nustggrad2024/wp-content/themes/neu/vendor/northeastern-web/pim-fim-adapter/src/PIM/Helpers/transformConcentrationsToHTML.php on line 30

Steps to Reproduce

  1. Include a concentration with a name such as "Information & Technology" or a description containing &.
  2. Call transformConcentrationsToHTML().
  3. Observe PHP warning in logs.

Cause
DOMDocument::createElement() interprets & as the start of an entity. Since &T is not valid, it triggers a parsing warning.

Fix Implemented

  • Escaped text values before passing them to createElement() with htmlspecialchars(..., ENT_XML1 | ENT_COMPAT, 'UTF-8').
  • Added null coalescing operators (?? '') for name and description to prevent undefined index notices.
  • Return empty string instead of null if input is invalid to avoid unexpected template output.

Patched Code Example

// Strong element for name
$nameText = $concentration['name'] ?? '';
$name = $dom->createElement('strong', htmlspecialchars($nameText, ENT_XML1 | ENT_COMPAT, 'UTF-8'));
$li->appendChild($name);

// Paragraph element for Description
$descText = $concentration['description'] ?? '';
if (!empty($descText)) {
    $description = $dom->createElement('p', htmlspecialchars($descText, ENT_XML1 | ENT_COMPAT, 'UTF-8'));
    $li->appendChild($description);
}

Result

  • No more warnings when rendering concentrations with ampersands.
  • Output remains valid HTML, displaying & properly as &.
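
An alternative to escaping by hand, shown as an added example that is not part of the original issue or the pim-fim-adapter code: create the element empty and attach the value with DOMDocument::createTextNode(), which treats it as literal text. The function name concentrationToListItem() and the sample data are assumptions made for illustration.

```php
<?php
// Added example: names below are hypothetical, sample data is constructed.

/** Build one <li> using text nodes, so no manual escaping is needed. */
function concentrationToListItem(DOMDocument $dom, array $concentration): DOMElement
{
    $li = $dom->createElement('li');

    $name = $dom->createElement('strong');
    // createTextNode() takes its argument as literal text: &, < and > are
    // escaped when the document is serialized, never parsed as entities or markup.
    $name->appendChild($dom->createTextNode($concentration['name'] ?? ''));
    $li->appendChild($name);

    $descText = $concentration['description'] ?? '';
    if ($descText !== '') {
        $p = $dom->createElement('p');
        $p->appendChild($dom->createTextNode($descText));
        $li->appendChild($p);
    }

    return $li;
}

// Constructed sample input: ampersands, markup-like characters, a missing key.
$samples = [
    ['name' => 'Information & Technology', 'description' => 'Systems & networks'],
    ['name' => 'AI <applied>', 'description' => ''],
    ['description' => 'No name key at all'],
];

$dom = new DOMDocument('1.0', 'UTF-8');
$ul = $dom->createElement('ul');
$dom->appendChild($ul);

foreach ($samples as $concentration) {
    $ul->appendChild(concentrationToListItem($dom, $concentration));
}

// Serialize only the <ul> subtree as HTML.
echo $dom->saveHTML($ul), PHP_EOL;
```

Because the value never passes through the element-creation parser, this form also keeps `<` and `>` in upstream data from being read as markup, and it cannot double-escape a value that another layer has already encoded by hand.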
