php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31033 RegisterPhpFunctions: php:function(string, nodeset) with xsl:key crush PHP
Submitted: 2004-12-09 06:21 UTC Modified: 2005-03-02 19:32 UTC
From: 4mirror at mail dot ru Assigned:
Status: Closed Package: XSLT related
PHP Version: 5.0.2 OS: Windows 2000 sp4
Private report: No CVE-ID: None
 [2004-12-09 06:21 UTC] 4mirror at mail dot ru
Description:
------------
If we have 
<xsl:key name="bar" match="foo" use="@baz"/>
anywere in stylesheet, any call of 
php:function('anyFunction',some/node)
crush php.

In result, Apache return 500 (and Windows say: "Unhandled exception at 0x10189120 in php-cgi.exe: 0xC0000005: 
Access violation reading location 0x31223d72"), or never return anything, or PHP return many false errors.

PHP - release 5.0.2, win32 binary distribution.
Configure Command (from PHPinfo): cscript /nologo configure.js "--enable-snapshot-build" "--with-gd=shared"
Server API: CGI/FastCGI

Apache - 1.3.27 (Win32)
libxml2 - 2.6.11, libxslt - 1.1.7, libexslt - 0.8.5


P.S. We can see "Expected result" after we delete string  with mark <!-- !!! --> in "Reproduce code"...

Reproduce code:
---------------
<?php
function myCrach($xml) { return $xml[0]->nodeName; }
$txtxsl=<<<XSL
<xsl:stylesheet version="1.0" xmlns:php="http://php.net/xsl" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
 <xsl:key name="data" match="tag" use="@bar"/> <!-- !!! -->
 <xsl:template match="tag">
  <xsl:value-of select="php:function('myCrach',..)"/> 
 </xsl:template>
</xsl:stylesheet>
XSL;
$domxml=DomDocument::loadXML('<test><tag bar="foo">baz</tag> </test>');
$domxsl=DomDocument::loadXML($txtxsl);
$xsl=new xsltProcessor();
$xsl->registerPhpFunctions();
$xsl->importStylesheet($domxsl);
echo $xsl->transformtoXML($domxml);
?>

Expected result:
----------------
test

Actual result:
--------------
server no response, php going to infinite cycle...


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-28 21:18 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-03-02 19:32 UTC] rrichards@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed for 5.1
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 09:01:30 2024 UTC