php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69668 SOAP: special XML characters in namespace URIs not encoded
Submitted: 2015-05-20 07:37 UTC Modified: 2021-03-29 12:24 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: LastDragon at yandex dot ru Assigned: cmb (profile)
Status: Closed Package: SOAP related
PHP Version: 5.5.25 OS: win 8.1 x64
Private report: No CVE-ID: None
 [2015-05-20 07:37 UTC] LastDragon at yandex dot ru
Description:
------------
If service URI contains the querystring (eg ?tmp=1&tmp2=2) then SoapClient will generate "ns1" attribute without entity encoding ("a=a&b=b" instead of "a=a&b=b").



Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-20 07:41 UTC] LastDragon at yandex dot ru
Full descrition http://pastebin.com/4WGSvA02 (sorry, I can't post it here because this piece of shit says "Please do not SPAM our bug system.")
 [2015-06-25 08:16 UTC] falundir at gmail dot com
Service endpoint URL (soap:address location) is not the same as service namespace. Namespaces can be any URI (or URN) and it's just a name, and not resource locator. 

Simply use something else than your service URL as your namespace, ex:
http://company.com/services/TestService/v1
 [2021-03-23 21:36 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2021-03-23 21:36 UTC] cmb@php.net
falundir is right; there is no need to use any special XML
characters in the namespace URI.  On the other hand, ext/soap
shouldn't produce invalid XML.
 [2021-03-24 15:25 UTC] cmb@php.net
-Summary: SoapClient generate invalid request xml if service URI contains the querystring +Summary: SOAP: special XML characters in namespace URIs not encoded
 [2021-03-24 15:31 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #69668: SOAP special XML characters in namespace URIs not encoded
On GitHub:  https://github.com/php/php-src/pull/6804
Patch:      https://github.com/php/php-src/pull/6804.patch
 [2021-03-29 12:24 UTC] cmb@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC