Bug #52779 Bug tracker's RSS/RDF feeds are malformed (unescaped XML invalid chars)
Submitted: 2010-09-05 05:50 UTC
Modified: 2010-11-10 10:46 UTC
From: cataphract@php.net
Assigned: aharvey
Status: Closed
Package: Website problem
PHP Version: Irrelevant
OS:
Private report: No
CVE-ID: None
 [2010-09-05 05:50 UTC] cataphract@php.net
Description:
------------
If the body of the bugs contains a character that's invalid in XML, it's not properly escaped in the feed, resulting in malformed XML.

Test script:
---------------
For instance, bug #52774 contains the character \05 in its body. This character is not then properly escaped in a feed.

Example: http://bugs.php.net/rss/search.php?search_for=Proxy+object%27s+store+free+callback+calls+zval_ptor_dtor+on+already+freed+data&boolean=0&limit=30&order_by=&direction=DESC&cmd=display&status=All&bug_type=All&package_name%5B0%5D=%2AGeneral+Issues&package_name%5B1%5D=Feature%2FChange+Request&package_name%5B2%5D=Documentation+problem&package_name%5B3%5D=Translation+problem&package_name%5B4%5D=Doc+Build+problem&package_name%5B5%5D=Website+problem&package_name%5B6%5D=Online+Doc+Editor+problem&package_name%5B7%5D=Systems+problem&package_name%5B8%5D=Output+Control&package_name%5B9%5D=Performance+problem&package_name%5B10%5D=Reproducible+crash&package_name%5B11%5D=Scripting+Engine+problem&package_name%5B12%5D=SPL+related&package_name%5B13%5D=Reflection+related&package_name%5B14%5D=Session+related&package_name%5B15%5D=Filter+related&package_name%5B16%5D=Streams+related&package_name%5B17%5D=PHP-GTK+related&package_name%5B18%5D=PDO+related&package_name%5B19%5D=PHAR+related&package_name%5B20%5D=%2ACompile+Issues&package_name%5B21%5D=Compile+Failure&package_name%5B22%5D=Compile+Warning&package_name%5B23%5D=%2AConfiguration+Issues&package_name%5B24%5D=Dynamic+loading&package_name%5B25%5D=PHP+options%2Finfo+functions&package_name%5B26%5D=Safe+Mode%2Fopen_basedir&package_name%5B27%5D=Windows+Installer&package_name%5B28%5D=%2AWeb+Server+problem&package_name%5B29%5D=CGI+related&package_name%5B30%5D=Apache+related&package_name%5B31%5D=Apache2+related&package_name%5B32%5D=IIS+related&package_name%5B33%5D=iPlanet+related&package_name%5B34%5D=PWS+related&package_name%5B35%5D=Servlet+related&package_name%5B36%5D=Other+web+server&package_name%5B37%5D=FPM+related&package_name%5B38%5D=%2ACalendar+problems&package_name%5B39%5D=Date%2Ftime+related&package_name%5B40%5D=Calendar+related&package_name%5B41%5D=%2ACompression+related&package_name%5B42%5D=Bzip2+Related&package_name%5B43%5D=Zip+Related&package_name%5B44%5D=ZZiplib+Related&package_name%5B45%5D=Zlib+Related&package_name%5B46%5D=%
2ADirectory%2FFilesystem+functions&package_name%5B47%5D=Directory+function+related&package_name%5B48%5D=Filesystem+function+related&package_name%5B49%5D=%2ADirectory+Services+problems&package_name%5B50%5D=LDAP+related&package_name%5B51%5D=%2ADatabase+Functions&package_name%5B52%5D=Adabas-D+related&package_name%5B53%5D=dBase+related&package_name%5B54%5D=DBM%2FDBA+related&package_name%5B55%5D=DBX+related&package_name%5B56%5D=FrontBase+related&package_name%5B57%5D=Informix+related&package_name%5B58%5D=Ingres+II+related&package_name%5B59%5D=InterBase+related&package_name%5B60%5D=mSQL+related&package_name%5B61%5D=MSSQL+related&package_name%5B62%5D=MySQL+related&package_name%5B63%5D=MySQLi+related&package_name%5B64%5D=OCI8+related&package_name%5B65%5D=Oracle+related&package_name%5B66%5D=ODBC+related&package_name%5B67%5D=PostgreSQL+related&package_name%5B68%5D=Solid+related&package_name%5B69%5D=SQLite+related&package_name%5B70%5D=Sybase+%28dblib%29+related&package_name%5B71%5D=Sybase-ct+%28ctlib%29+related&package_name%5B72%5D=%2AData+Exchange+functions&package_name%5B73%5D=JSON+related&package_name%5B74%5D=WDDX+related&package_name%5B75%5D=%2AExtensibility+Functions&package_name%5B76%5D=COM+related&package_name%5B77%5D=Java+related&package_name%5B78%5D=ncurses+related&package_name%5B79%5D=Program+Execution&package_name%5B80%5D=POSIX+related&package_name%5B81%5D=PCNTL+related&package_name%5B82%5D=Readline+related&package_name%5B83%5D=Semaphore+related&package_name%5B84%5D=Win32API+related&package_name%5B85%5D=%2AE-commerce+functions&package_name%5B86%5D=Verisign+Payflow+Pro+related&package_name%5B87%5D=%2AGraphics+related&package_name%5B88%5D=EXIF+related&package_name%5B89%5D=GD+related&package_name%5B90%5D=GetImageSize+related&package_name%5B91%5D=Ming+related&package_name%5B92%5D=%2ALanguages%2FTranslation&package_name%5B93%5D=Gettext+related&package_name%5B94%5D=ICONV+related&package_name%5B95%5D=mbstring+related&package_name%5B96%5D=Recode+related&package_name%5B97%5D=
%2AMail+Related&package_name%5B98%5D=IMAP+related&package_name%5B99%5D=Mail+related&package_name%5B100%5D=%2AMath+Functions&package_name%5B101%5D=BC+math+related&package_name%5B102%5D=GNU+MP+related&package_name%5B103%5D=Math+related&package_name%5B104%5D=%2AEncryption+and+hash+functions&package_name%5B105%5D=mcrypt+related&package_name%5B106%5D=hash+related&package_name%5B107%5D=mhash+related&package_name%5B108%5D=OpenSSL+related&package_name%5B109%5D=%2ANetwork+Functions&package_name%5B110%5D=Network+related&package_name%5B111%5D=SNMP+related&package_name%5B112%5D=FTP+related&package_name%5B113%5D=HTTP+related&package_name%5B114%5D=Sockets+related&package_name%5B115%5D=%2APDF+functions&package_name%5B116%5D=ClibPDF+related&package_name%5B117%5D=FDF+related&package_name%5B118%5D=PDF+related&package_name%5B119%5D=%2AProgramming+Data+Structures&package_name%5B120%5D=Class%2FObject+related&package_name%5B121%5D=Arrays+related&package_name%5B122%5D=Strings+related&package_name%5B123%5D=Variables+related&package_name%5B124%5D=%2ARegular+Expressions&package_name%5B125%5D=PCRE+related&package_name%5B126%5D=Regexps+related&package_name%5B127%5D=%2ASpelling+functions&package_name%5B128%5D=Pspell+related&package_name%5B129%5D=%2ASearch+functions&package_name%5B130%5D=mnoGoSearch+related&package_name%5B131%5D=%2AXML+functions&package_name%5B132%5D=DOM+XML+related&package_name%5B133%5D=SOAP+related&package_name%5B134%5D=SimpleXML+related&package_name%5B135%5D=XML+Reader&package_name%5B136%5D=XML+Writer&package_name%5B137%5D=XML+related&package_name%5B138%5D=XMLRPC-EPI+related&package_name%5B139%5D=XSLT+related&package_name%5B140%5D=%2AURL+Functions&package_name%5B141%5D=cURL+related&package_name%5B142%5D=URL+related&package_name%5B143%5D=%2AUnicode+Issues&package_name%5B144%5D=Unicode+Function+Upgrades+related&package_name%5B145%5D=I18N+and+L10N+related&package_name%5B146%5D=Unicode+Engine+related&package_name%5B147%5D=Unknown%2FOther+Function&package_name%5B148%5D=%2AFunction
+Specific&package_name%5B149%5D=%2AInstall+and+Config&package_name%5B150%5D=%2ASession+related&package_name%5B151%5D=%2AZlib+related&package_name%5B152%5D=Calendar+problems&package_name%5B153%5D=CCVS+related&package_name%5B154%5D=Compile+Problem&package_name%5B155%5D=Cybercash+related&package_name%5B156%5D=Dynamic+loading+related&package_name%5B157%5D=FrontPage+related&package_name%5B158%5D=Installation+problem&package_name%5B159%5D=Livedocs+problem&package_name%5B160%5D=Misbehaving+function&package_name%5B161%5D=NIS+related&package_name%5B162%5D=Other&package_name%5B163%5D=Parser+error&package_name%5B164%5D=PEAR+related&package_name%5B165%5D=PECL+related&package_name%5B166%5D=Sablotron+XSL&package_name%5B167%5D=Sybase+related&package_name%5B168%5D=Unicode+Function+Upgrades+relate&package_name%5B169%5D=unknown&php_os=&phpver=&assign=&author_email=&bug_age=0&bug_updated=0

Expected result:
----------------
The character should have been escaped.

Actual result:
--------------
XML parsing failed

XML parsing failed: syntax error (Line: 266, Character: 62)

Reparse document as HTML
Error: invalid character

Specification: http://www.w3.org/TR/REC-xml/#NT-Char

263: object
264: 0x028102c0 {object=0x0280db38 property=0x028101d0 }
265:     object: 0x0280db38 {value={...} refcount__gc=2 type='\05' ...}
266:     property: 0x028101d0 {value={...} refcount__gc=1515870810 type='Z' ...}
267: 
268: 
269: 
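
The failure reported above can be reproduced and avoided as follows. This is an added example, not the bug tracker's code and not the change made in SVN for this report. It shows that `htmlspecialchars()` alone leaves the 0x05 byte in place, that a character reference to it is rejected as well because XML 1.0 requires referenced characters to match the Char production, and that substituting U+FFFD yields a well-formed item. Assumptions: PHP 7 or later with the dom extension; the function names and the sample body are constructed for illustration.

```php
<?php
// Added example; xml10_text(), is_well_formed() and feed_item() are hypothetical names.

// Escape text for an XML 1.0 feed: markup characters are escaped, invalid
// UTF-8 and code points outside the Char production become U+FFFD.
function xml10_text(string $s): string
{
    // ENT_SUBSTITUTE turns invalid UTF-8 sequences into U+FFFD, so the /u regex below is safe.
    $s = htmlspecialchars($s, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');
    // Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
    return preg_replace(
        '/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u',
        "\u{FFFD}",
        $s
    );
}

// True when libxml accepts the string as a well-formed XML document.
function is_well_formed(string $xml): bool
{
    $previous = libxml_use_internal_errors(true);
    $ok = (new DOMDocument())->loadXML($xml) !== false;
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Minimal constructed feed item; the body is inserted exactly as given.
function feed_item(string $escapedBody): string
{
    return '<?xml version="1.0" encoding="UTF-8"?>'
         . "<item><description>$escapedBody</description></item>";
}

// Constructed body modelled on the dump in the report: a 0x05 byte plus markup characters.
$body = "object: 0x0280db38 {type='\x05' <...> & refcount__gc=2}";
$markupOnly = htmlspecialchars($body, ENT_QUOTES | ENT_XML1, 'UTF-8');

$variants = [
    'htmlspecialchars only' => $markupOnly,                              // 0x05 still present
    'character reference'   => str_replace("\x05", '&#5;', $markupOnly), // not a legal Char either
    'xml10_text()'          => xml10_text($body),                        // 0x05 replaced by U+FFFD
];

foreach ($variants as $label => $escaped) {
    printf("%-22s %s\n", $label, is_well_formed(feed_item($escaped)) ? 'well-formed' : 'MALFORMED');
}
```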

 [2010-11-10 10:46 UTC] aharvey@php.net
Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&revision=305240
Log: Fix bug #52779 (Bug tracker's RSS/RDF feeds are malformed (unescaped XML
invalid chars)).
 [2010-11-10 10:46 UTC] aharvey@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: aharvey
 [2010-11-10 10:46 UTC] aharvey@php.net
This bug has been fixed in SVN. Since the websites are not directly
updated from the SVN server, the fix might need some time to spread
across the globe to all mirror sites, including PHP.net itself.

Thank you for the report, and for helping us make PHP.net better.


 