php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #42050 DOMDocument using canonicalized absolute pathname for relative Doctype
Submitted: 2007-07-19 16:22 UTC Modified: 2008-11-10 01:00 UTC
Votes:9
Avg. Score:4.4 ± 1.1
Reproduced:9 of 9 (100.0%)
Same Version:5 (55.6%)
Same OS:6 (66.7%)
From: andrew at gencon dot co dot uk Assigned: rrichards (profile)
Status: No Feedback Package: DOM XML related
PHP Version: 5CVS-2007-07-19 (snap) OS: Linux 2.6.20 Debian testing
Private report: No CVE-ID: None
 [2007-07-19 16:22 UTC] andrew at gencon dot co dot uk
Description:
------------
When using PHP5 DOM extension relative DTDs specified on a Doctype that go through a symlink are resolved using (what appears to be) the canonicalized absolute pathname. This means that relative paths like ../dtd/test.dtd are relative to the path the symlink points to and not relative to the symlink itself. This means you cannot use normal symlink 'shenanigans' to work around some limitations of DTDs.

Behaviour of sample xml and dtd files tested with PHP4 (4.4.4-9) PHP5 (5.2.0-10 and 5.2.3-1), xmllint using: --loaddtd --noent and rxp.

Snapshot compiled using a simple ./configure and make no options or flags used. Ran using php5.2-200707191430/sapi/cli/php

Same behavior is also seen using relative DTDs and symlinks in XSLT files and PHP5.

Reproduce code:
---------------
Sample code for PHP4 and PHP5 with xml and dtd files can be downloaded from here:

http://www.gencon.co.uk/php_bug_reporting/gencon_php_bug_examples.tgz

In the results below test 1 is not using the symlink and test 2 is using the symlink.

Expected result:
----------------
Expected to see this output (from PHP4 sample included):

Test XML1:

<?xml version="1.0"?>
<!DOCTYPE doc SYSTEM "../dtd/test.dtd">
<doc><test>a</test></doc>

Test XML2:

<?xml version="1.0"?>
<!DOCTYPE doc SYSTEM "../dtd/test.dtd">
<doc><test>a</test></doc>



Actual result:
--------------
Actually saw this output (any PHP5 version):

Test XML 1:

<?xml version="1.0"?>
<!DOCTYPE doc SYSTEM "../dtd/test.dtd">
<doc><test>a</test></doc>

Test XML 2:

<?xml version="1.0"?>
<!DOCTYPE doc SYSTEM "../dtd/test.dtd">
<doc><test>b</test></doc>

Notice the very last line is now a 'b' and not an 'a' because it has picked up the wrong DTD defining the entity.

Patches

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-07-22 20:57 UTC] andrew at gencon dot co dot uk
Reclassified bug as DOM XML seems to relate more to the PHP4 extension.
 [2007-07-23 00:52 UTC] rrichards@php.net
assign to self and re-classify back to DOM.
 [2008-06-20 16:57 UTC] bertrand at epistema dot com
I encounter the same issue when trying to load an entity through a relative url (../../folder/myfile.dtd). 

Note that it works fine on windows, but fails on linux (Ubuntu Hardy-Heron) - both on PHP 5.2.

(I could go round the problem by manually changing the URI with a absolute path, using loadXML instead of load)
 [2008-11-02 12:48 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2008-11-10 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Sep 07 21:01:27 2024 UTC