php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30875 xml_parse_into_struct() does not resolve entities in element content
Submitted: 2004-11-24 00:11 UTC Modified: 2018-10-09 14:07 UTC
Votes:9
Avg. Score:3.9 ± 1.0
Reproduced:3 of 5 (60.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: joern_h at gmx dot net Assigned: cmb (profile)
Status: Closed Package: XML related
PHP Version: 4CVS, 5CVS (2005-02-03) OS: *
Private report: No CVE-ID: None
 [2004-11-24 00:11 UTC] joern_h at gmx dot net
Description:
------------
When using xml_parse_into_struct, entities from the internal dtd are not resolved in element content. Entities in attribute values are resolved properly. This bug is present in PHP 4.3.8 and PHP5 (cvs from 2004-11-22).

Reproduce code:
---------------
<?php

$xml = <<<HERE
<!DOCTYPE test [
    <!ENTITY test "test">
]>
<test>&test;</test>
HERE;

$parser =& xml_parser_create();

xml_parse_into_struct($parser, $xml, $vals, $idx);

print_r($vals);

xml_parser_free($parser);

?>


Expected result:
----------------
Array
(
    [0] => Array
        (
            [tag] => TEST
            [type] => complete
            [level] => 1
            [value] => test
        )
)

Actual result:
--------------
Array
(
    [0] => Array
        (
            [tag] => TEST
            [type] => complete
            [level] => 1
        )
)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-03 14:59 UTC] joern_h at gmx dot net
This bug still occurs with current PHP4 (Feb  3 2005 06:13:06) and PHP5 (Feb  3 2005 12:17:00) snapshots.
 [2005-02-16 07:35 UTC] sniper@php.net
After some investigating of the issue: ext/xml just misses this functionality. No bug but feature request -> reclassified.

 [2010-12-01 16:17 UTC] jani@php.net
-Summary: ext/xml: xml_parse_into_struct() does not resolve entities in element content +Summary: xml_parse_into_struct() does not resolve entities in element content -Package: Feature/Change Request +Package: XML related
 [2016-06-29 18:40 UTC] cmb@php.net
-Status: Analyzed +Status: Verified
 [2016-06-29 18:40 UTC] cmb@php.net
> When using xml_parse_into_struct, entities from the internal dtd
> are not resolved in element content. Entities in attribute
> values are resolved properly.

Indeed, see <https://3v4l.org/8cgbf>. In my opinion, this
inconsistency is a bug.
 [2018-10-09 13:35 UTC] cmb@php.net
> ext/xml just misses this functionality.

Well, actually it disables this functionality.  Therefore,
re-classifying as bug.

The problem is that xml_parse_into_struct() sets up a default
handler[1], but this handler doesn't do anything, since there is
no actual PHP handler installed[2].  This is basically the same as
this script[3]; simply removing the empty default handler[4]
solves the issue.

[1] <https://github.com/php/php-src/blob/php-7.3.0RC2/ext/xml/xml.c#L1437>
[2] <https://github.com/php/php-src/blob/php-7.3.0RC2/ext/xml/xml.c#L953-L967>
[3] <https://3v4l.org/PUrG6>
[4] <https://3v4l.org/lcEF0>
 [2018-10-09 13:36 UTC] cmb@php.net
-Type: Feature/Change Request +Type: Bug
 [2018-10-09 14:07 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2018-10-09 14:11 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2845f859c19965691855c66bc18d94a4e06ff329
Log: Fix #30875: xml_parse_into_struct() does not resolve entities
 [2018-10-09 14:11 UTC] cmb@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 04:01:31 2024 UTC