php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41724 libxml_get_last_error() - errors survice request scope
Submitted: 2007-06-18 10:56 UTC Modified: 2007-06-18 16:46 UTC
From: thekid@php.net Assigned:
Status: Closed Package: XML related
PHP Version: 5CVS-2007-06-18 (CVS) OS: Any
Private report: No CVE-ID: None
 [2007-06-18 10:56 UTC] thekid@php.net
Description:
------------
If one fails to call libxml_clear_error() at the end of a request (via register_shutdown_func() e.g.) errors retrieved by libxml_get_last_error() may come from a different request previously handled in the same webserver child.

Reproduce code:
---------------
-- test.php --
<?php
  var_dump(libxml_get_last_error());
?>

-- produce.php --
<?php
  $d= new DomDocument();
  $d->loadXML('malformed');
?>

1) Call produce.php
2) Call test.php - if it is served up by the same web server
   child, you will see the error from produce.php  

Expected result:
----------------
One script should never be able to mess with other scripts' context.

Actual result:
--------------
libxml_get_last_error() in test.php will report the error produced in produce.php if run inside the same web server child process.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-06-18 10:57 UTC] thekid@php.net
This patch should fix the problem:

$ cvs diff -u ext/libxml/
cvs diff: Diffing ext/libxml
Index: ext/libxml/libxml.c
===================================================================
RCS file: /repository/php-src/ext/libxml/libxml.c,v
retrieving revision 1.32.2.7.2.11
diff -u -r1.32.2.7.2.11 libxml.c
--- ext/libxml/libxml.c 23 Feb 2007 11:12:49 -0000      1.32.2.7.2.11
+++ ext/libxml/libxml.c 18 Jun 2007 10:46:00 -0000
@@ -674,7 +674,7 @@
                efree(LIBXML(error_list));
                LIBXML(error_list) = NULL;
        }
-
+       xmlResetLastError();
        return SUCCESS;
 }
 
It adds xmlResetLastError() call to RSHUTDOWN
 [2007-06-18 16:46 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 08:01:29 2024 UTC