php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #35271 xml_parse_into_struct silently drops defined entities
Submitted: 2005-11-18 07:17 UTC Modified: 2018-03-14 14:24 UTC
Votes:12
Avg. Score:4.8 ± 0.6
Reproduced:9 of 10 (90.0%)
Same Version:2 (22.2%)
Same OS:6 (66.7%)
From: bugs dot php dot net at nanonanonano dot net Assigned: cmb (profile)
Status: Duplicate Package: XML related
PHP Version: 4CVS-2005-11-18 (CVS) OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bugs dot php dot net at nanonanonano dot net
New email:
PHP Version: OS:

 

 [2005-11-18 07:17 UTC] bugs dot php dot net at nanonanonano dot net
Description:
------------
When called on an XML document that contains defined entities, xml_parse_into_struct silently drops the entities from the parsed output.

(If the entity is undefined, it returns an error)

Reproduce code:
---------------
<?php
  $data = implode ("", file('entityexample.xml'));
  $parser = xml_parser_create();
  xml_parser_set_option ($parser,XML_OPTION_CASE_FOLDING,0);
  xml_parser_set_option ($parser,XML_OPTION_SKIP_WHITE,1);
  xml_parse_into_struct ($parser,$data,$values,$tags);
  xml_parser_free ($parser);
  #echo "VALS\n"; print_r($values);
  #echo "TAGS\n"; print_r($tags); 
  echo $values[2]['value']."\n";
?>
---------- entityexample.xml --------------
<?xml version='1.0'?>
<!DOCTYPE test [
  <!ENTITY times   "FOO BAR">
]>
<test>
  <item>
    <name>One &times; two</name>
  </item>
</test>


Expected result:
----------------
The entity should either be not replaced:

        One &times; two

or it should be correctly replaced:

        One FOO BAR two


Actual result:
--------------
The entity is silently dropped from the XML stream:

        One  two


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-24 23:50 UTC] bugs dot php dot net at nanonanonano dot net
This has been triaged to "Feature request" but it's a straight bug in the implementation: the docs claim that xml_parse_into_struct parses XML into a pair of arrays but the function doesn't do that.

(at the very least, a warning should be in the documentation for xml_parse_into_struct that it will fubar your data if you have entities in it, but I'd obviously prefer that the function just worked properly)
 [2016-12-30 23:19 UTC] cmb@php.net
-Package: Feature/Change Request +Package: XML related
 [2018-03-14 14:24 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2018-03-14 14:24 UTC] cmb@php.net
Duplicate of request #30875.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 10 15:01:28 2024 UTC