php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46138 XML parser strippig < and >
Submitted: 2008-09-20 18:09 UTC Modified: 2008-09-22 11:32 UTC
From: daniel dot miksik at gmail dot com Assigned:
Status: Not a bug Package: XML related
PHP Version: 5.2.6 OS: Linux
Private report: No CVE-ID:
 [2008-09-20 18:09 UTC] daniel dot miksik at gmail dot com
Description:
------------
Configure command: './configure' '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib64' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-expat-dir=/usr' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--with-kerberos' '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--enable-memory-limit' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--without-mime-magic' '--without-sqlite' '--with-libxml-dir=/usr' '--with-xml' '--with-system-tzdata' '--with-apxs2=/usr/sbin/apxs' '--without-mysql' '--without-gd' '--without-odbc' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-pdo' '--disable-xmlreader' '--disable-xmlwriter' '--disable-json' '--without-pspell'

libxml2 Version: 2.6.32


Reproduce code:
---------------
<?php
$xml_parser = xml_parser_create();
xml_parse_into_struct($xml_parser, "<SUMMARY>This is a link to &lt;a href=&quot;http://example.com&quot;&gt;Example&lt;/a&gt;.</SUMMARY>", $vals);
xml_parser_free($xml_parser);
echo "Vals array\n";
print_r($vals);
?>

Expected result:
----------------
Vals array
Array
(
    [0] => Array
        (
            [tag] => SUMMARY
            [type] => complete
            [level] => 1
            [value] => This is a link to <a href="http://example.com">Example</a>.
        )

)

Actual result:
--------------
Vals array
Array
(
    [0] => Array
        (
            [tag] => SUMMARY
            [type] => complete
            [level] => 1
            [value] => This is a link to a href=http://example.comExample/a.
        )

)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-20 18:19 UTC] daniel dot miksik at gmail dot com
I forgot to link to a very similar bug reported for PHP 5.0.3 at http://bugs.php.net/bug.php?id=31139.
 [2008-09-22 10:33 UTC] daniel dot miksik at gmail dot com
Further info from our webmaster:
- Linux Fedora 9
- libxml 2.7.1

I have also tested the given example code in PHP 5.2.6 running on WinXP machine, it worked fine.
 [2008-09-22 10:49 UTC] daniel dot miksik at gmail dot com
Looks like this has already been reported at http://bugs.php.net/bug.php?id=45996, so closing.
 [2008-09-22 11:32 UTC] pajoye@php.net
duplicate of #45996 > bogus.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 01:02:05 2014 UTC