PHP :: Request #45915 :: xmlrpc_encode_request() does not encode numeric keys properly

xmlrpc_encode_request() does not encode numeric keys properly

Submitted:

2008-08-25 21:26 UTC

Modified:

2021-04-13 13:54 UTC

Votes:	4
Avg. Score:	5.0 ± 0.0
Reproduced:	4 of 4 (100.0%)
Same Version:	4 (100.0%)
Same OS:	4 (100.0%)

From:

matt at waggoner dot com

Assigned:

cmb (profile)

Status:

Wont fix

Package:

XMLRPC-EPI related

PHP Version:

5.2.6

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	matt at waggoner dot com
New email:
PHP Version:		OS:

New Comment:

[2008-08-25 21:26 UTC] matt at waggoner dot com

Description:
------------
This issue has been marked as bogus or wontfix before, but I believe this is a bad idea and that this issue should be fixed.

Bug #21949 ends with this comment:

"Not a bug, XML-RPC is ambigous as to the value that the <name> field can contain.  However, all indications point to it being a string value, in XML this represents a value that is non-numeric."

This is false; XML's string type is not restricted to "non-numeric" values.  http://www.w3.org/TR/xmlschema-2/#string says that a string's value space is "the set of finite-length sequences of characters (as defined in [XML 1.0 (Second Edition)]) that match the Char production".  The "Char production" is the following grammar:

char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]

The characters 0-9 are within the [#x20-#xD7FF] range, ergo the string XML datatype can validly contain a set of only numeric characters such as "123", which eliminates that objection.

The XML-RPC spec does indeed not specify what value a <name> element may contain, but it seems fairly useless to simply drop numeric keys; a string is a string regardless of whether it contains letters or not.  

Re bug #37746: "It has been this way for a long time" is not a valid reason to avoid fixing this (see any number of longstanding bugs in PHP's history); "this might break existing code" is also not a valid reason (see any number of backward-incompatible changes in PHP's history).

Please fix this bug.

Reproduce code:
---------------
See bugs #21949 and #37746.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-01-23 21:30 UTC] jani@php.net

-Package: Feature/Change Request +Package: XMLRPC-EPI related

[2021-04-13 13:54 UTC] cmb@php.net

-Status: Open +Status: Wont fix -Assigned To: +Assigned To: cmb

[2021-04-13 13:54 UTC] cmb@php.net

The xmlrpc extension is unbundled and moved to PECL as of PHP
7.4.0.  I'm temporarily maintaining the extension, but I will not
do any feature additions.  Actually, everybody is likely better
off to switch to something else.  Thus, I'm closing this ticket.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 14:01:32 2024 UTC