Request #35271 xml_parse_into_struct silently drops defined entities
Submitted: 2005-11-18 07:17 UTC
Modified: 2018-03-14 14:24 UTC
Votes: 12
Avg. Score: 4.8 ± 0.6
Reproduced: 9 of 10 (90.0%)
Same Version: 2 (22.2%)
Same OS: 6 (66.7%)
From: bugs dot php dot net at nanonanonano dot net
Assigned: cmb
Status: Duplicate
Package: XML related
PHP Version: 4CVS-2005-11-18 (CVS)
OS: Linux
Private report: No
CVE-ID: None
 [2005-11-18 07:17 UTC] bugs dot php dot net at nanonanonano dot net
Description:
------------
When called on an XML document that contains defined entities, xml_parse_into_struct silently drops the entities from the parsed output.

(If the entity is undefined, it returns an error)

Reproduce code:
---------------
<?php
  // Read the whole sample document into one string.
  $data = implode("", file('entityexample.xml'));
  $parser = xml_parser_create();
  xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
  xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
  xml_parse_into_struct($parser, $data, $values, $tags);
  xml_parser_free($parser);
  #echo "VALS\n"; print_r($values);
  #echo "TAGS\n"; print_r($tags);
  // $values[2] is the <name> element; its text is where the entity goes missing.
  echo $values[2]['value']."\n";
?>
---------- entityexample.xml --------------
<?xml version='1.0'?>
<!DOCTYPE test [
  <!ENTITY times   "FOO BAR">
]>
<test>
  <item>
    <name>One &times; two</name>
  </item>
</test>


Expected result:
----------------
The entity should either be not replaced:

        One &times; two

or it should be correctly replaced:

        One FOO BAR two


Actual result:
--------------
The entity is silently dropped from the XML stream:

        One  two


History
 [2005-11-24 23:50 UTC] bugs dot php dot net at nanonanonano dot net
This has been triaged to "Feature request" but it's a straight bug in the implementation: the docs claim that xml_parse_into_struct parses XML into a pair of arrays but the function doesn't do that.

(at the very least, a warning should be in the documentation for xml_parse_into_struct that it will fubar your data if you have entities in it, but I'd obviously prefer that the function just worked properly)
 [2016-12-30 23:19 UTC] cmb@php.net
-Package: Feature/Change Request
+Package: XML related
 [2018-03-14 14:24 UTC] cmb@php.net
-Status: Open
+Status: Duplicate
-Assigned To:
+Assigned To: cmb
 [2018-03-14 14:24 UTC] cmb@php.net
Duplicate of request #30875.
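
A pre-parse check for the behaviour reported above, as an added example that is not part of the report or of PHP itself: it lists general entity references other than XML's five predefined ones, so a caller can reject or log a document before passing it to xml_parse_into_struct(). The function name find_custom_entity_refs and the second sample document are assumptions made for illustration, and the regex scan is a heuristic, not a full XML lexer.

```php
<?php
// Added example (hypothetical helper, not a PHP built-in): return the names of
// entity references in element content or attributes that are not predefined.
function find_custom_entity_refs(string $xml): array
{
    // Drop regions where "&name;" is literal text or a declaration, in one
    // left-to-right pass: comments, CDATA sections, processing instructions
    // and the DOCTYPE with its optional internal subset.
    $stripped = preg_replace(
        '/<!--.*?-->|<!\[CDATA\[.*?\]\]>|<\?.*?\?>|<!DOCTYPE\s[^\[>]*(?:\[.*?\]\s*)?>/s',
        '',
        $xml
    );
    if ($stripped === null) {
        throw new RuntimeException('PCRE error while scanning XML');
    }

    // Named references only; numeric ones such as &#215; start with '#'.
    preg_match_all('/&([^\s&;#<>]+);/', $stripped, $m);

    $predefined = ['amp', 'lt', 'gt', 'apos', 'quot'];
    return array_values(array_unique(array_diff($m[1], $predefined)));
}

// entityexample.xml exactly as given in the report.
$reported = <<<'XML'
<?xml version='1.0'?>
<!DOCTYPE test [
  <!ENTITY times   "FOO BAR">
]>
<test>
  <item>
    <name>One &times; two</name>
  </item>
</test>
XML;

// Constructed sample: predefined and numeric references plus a CDATA literal.
$safe = '<test><name>a &amp; b &#215; c <![CDATA[&times;]]></name></test>';

foreach (['reported' => $reported, 'safe' => $safe] as $label => $doc) {
    $refs = find_custom_entity_refs($doc);
    echo $label, ': ', $refs ? 'custom entities ' . implode(', ', $refs) : 'none', "\n";
}
```

If the DOCTYPE pattern fails to consume an unusual internal subset, the leftover declarations can only add names to the result, so the check errs toward flagging a document.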
 
Last updated: Sun Apr 21 04:01:25 2019 UTC