Bug #52856 XSLTProcessor mishandles XML entities
Submitted: 2010-09-15 22:44 UTC Modified: 2013-12-02 14:24 UTC
Votes:2
Avg. Score:3.0 ± 2.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: zweibieren at yahoo dot com Assigned:
Status: Not a bug Package: XSLT related
PHP Version: 5.2.14 OS: Linux 2.6.32.8-grsec-2.1
Private report: No CVE-ID: None
 [2010-09-15 22:44 UTC] zweibieren at yahoo dot com
Description:
------------
XSLTProcessor does not handle DOMEntity nodes properly. It substitutes nothing instead of the entity value. 

In the sample script the bad behavior is demonstrated by switching values of 
substituteEntities in the DOMDocument instance used to read the $xml file.
The test data has entity references within parentheses:  (&test;) and (&nbsp;).

The output of the sample program is 
    with sustituteEntities=false: &test;=>() &nbsp;=>()
    with sustituteEntities=true: &test;=>(OK) &nbsp;=>( ) 
For the first line, entity references are passed unmodified to XSLTProcessor and they are then omitted from the output.
For the second line, DOMDocument::load has replaced the entity references in the tree that is passed to XSLTProcessor. So the entity values show up properly in the output.

Test script:
---------------
<?php
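function runtest($xml, $se) {
	// Parse the stylesheet source; $se decides whether the parser expands entity references
	$xmlDoc = new DOMDocument();
	$xmlDoc->substituteEntities = $se;
	$xmlDoc->loadXML($xml);
	// Use the parsed tree as the stylesheet and transform an empty input document
	$proc = new XSLTProcessor();
	$proc->importStylesheet($xmlDoc);
	$html = $proc->transformToXML(new DOMDocument());
	echo "with sustituteEntities=" . ($se?"true":"false") . ": $html<br/>\n";
}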
$xml = <<<EOF
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE testdoc [<!ENTITY test "OK"> <!ENTITY nbsp "&#160;"> ]>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<xsl:template match="/">
&amp;test;=>(&test;)    &amp;nbsp;=>(&nbsp;)
</xsl:template></xsl:stylesheet>
EOF;
echo "<html><body>";
runtest($xml, false);
runtest($xml, true);
echo "</body></html>";
?>

Expected result:
----------------
    with sustituteEntities=false: &test;=>() &nbsp;=>()
    with sustituteEntities=true: &test;=>(OK) &nbsp;=>( ) 

The first line is wrong. The second is correct.

Actual result:
--------------
see expected results (the test produces both the correct and incorrect behavior)

History

 [2010-09-16 01:12 UTC] zweibieren at yahoo dot com
-Operating System: Linux palikir 2.6.32.8-grsec-2.1 +Operating System: Linux 2.6.32.8-grsec-2.1
 [2010-09-16 01:12 UTC] zweibieren at yahoo dot com
"palikir" was the host at Dreamhost.com
 [2013-12-02 14:24 UTC] mike@php.net
-Status: Open +Status: Not a bug
 [2013-12-02 14:24 UTC] mike@php.net
xsltproc obviously does exactly the same, substitute entities:

$ xsltproc test.xsl test.xml
<?xml version="1.0"?>

&amp;test;=&gt;(OK)    &amp;nbsp;=&gt;( )
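
Added example, not part of the bug report or of PHP's own code: it counts the entity-reference nodes left in the stylesheet tree under each `substituteEntities` setting, which is the difference the report observes. It also shows a loader for stylesheet XML from an untrusted source that rejects any DOCTYPE instead of turning substitution on, because substitution expands external entities as well as internal ones. The helper names `countEntityRefs` and `loadUntrustedStylesheet` are hypothetical.

```php
<?php
// Added example; countEntityRefs() and loadUntrustedStylesheet() are hypothetical helpers.
// Count entity-reference nodes that the parser left unexpanded in the tree.
function countEntityRefs(DOMNode $node): int {
    $count = 0;
    foreach ($node->childNodes as $child) {
        if ($child->nodeType === XML_ENTITY_REF_NODE) {
            $count++;
        } elseif ($child->nodeType === XML_ELEMENT_NODE) {
            $count += countEntityRefs($child);
        }
    }
    return $count;
}

// Untrusted stylesheet XML: keep substitution off, block network fetches, refuse any DOCTYPE.
function loadUntrustedStylesheet(string $xml): DOMDocument {
    $doc = new DOMDocument();
    $doc->substituteEntities = false;   // the default, stated explicitly
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('stylesheet is not well-formed XML');
    }
    if ($doc->doctype !== null) {
        throw new RuntimeException('DOCTYPE not allowed in untrusted stylesheet');
    }
    return $doc;
}

// Constructed sample: the stylesheet text from the report above.
$xml = <<<'EOF'
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE testdoc [<!ENTITY test "OK"> <!ENTITY nbsp "&#160;"> ]>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
&amp;test;=>(&test;)    &amp;nbsp;=>(&nbsp;)
</xsl:template></xsl:stylesheet>
EOF;

foreach ([false, true] as $se) {
    $doc = new DOMDocument();
    $doc->substituteEntities = $se;
    $doc->loadXML($xml);
    printf("substituteEntities=%s: %d entity reference node(s)\n", $se ? 'true' : 'false', countEntityRefs($doc));
}

try {
    loadUntrustedStylesheet($xml);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```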
 
Last updated: Fri Dec 06 06:01:23 2019 UTC