php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57802 SDO DAS XML does not enforce <restriction>
Submitted: 2007-08-28 15:05 UTC Modified: 2017-01-10 08:08 UTC
From: mattsch at gmail dot com Assigned:
Status: Suspended Package: SCA_SDO (PECL)
PHP Version: 5.2.3 OS: Gentoo Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2007-08-28 15:05 UTC] mattsch at gmail dot com
Description:
------------
I did not see any mention of the lack of simple type restriction/facet enforcement in SDO DAS XML in the php documentation so I am assuming this is a bug.

Page 13 of SDO 2.1 Spec:

If a client sends a modified data graph to a DAS, (the original DAS or a different one), then the
DAS will check the data graph for errors. These errors include lack of closure of the data graph,
values outside the lower and upper bounds of a property, choices spanning several properties or
DataObjects, deferred constraints, or any restrictions specific to the DAS (for example, XML
Schema specific validations). Closure means that any DataObject references, made within the
graph of DataObjects, point to a DataObject that is in the graph. Usually, the DAS will report
update problems by throwing exceptions.

Reproduce code:
---------------
<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<xsd:element name="request" type="requestType"/>

<xsd:complexType name="requestType" abstract="true"/>

<xsd:complexType name="collectionInfo">
  <xsd:complexContent>
    <xsd:extension base="requestType">
      <xsd:sequence minOccurs="0" maxOccurs="unbounded">
        <xsd:element name="collection">
          <xsd:simpleType>
            <xsd:restriction base="xsd:token">
              <xsd:minLength value="2"/>
              <xsd:maxLength value="2"/>
            </xsd:restriction>
          </xsd:simpleType>
        </xsd:element>
      </xsd:sequence>
      <xsd:attribute name="kind" type="xsd:string" fixed="collectionInfo"/>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

<xsd:element name="request-list">
  <xsd:complexType>
     <xsd:sequence>
        <xsd:element ref="request" minOccurs="0" maxOccurs="unbounded"/>
     </xsd:sequence>
  </xsd:complexType>
</xsd:element>

</xsd:schema>


<?php

try {
	$xmldas = SDO_DAS_XML::create("request.xsd");
	try {
		$doc = $xmldas->createDocument('', 'request-list');
		$rdo = $doc->getRootDataObject();
		$request = $xmldas->createDataObject('', 'collectionInfo');
		$request->collection->insert('Collection data should not be longer or shorter than 2 characters.');
		$request->kind = 'collectionInfo';
		$rdo->request->insert($request);
		print($xmldas->saveString($doc));
	} catch (SDO_Exception $e) {
		print($e);
	}
} catch (SDO_Exception $e) {
	print("Problem creating an XML document: " . $e->getMessage());
}

?>

Expected result:
----------------
Throw an exception (different exceptions depending on restriction?) to enforce restriction/facet.

Actual result:
--------------
Allows any data and totally disregards type and restriction.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-08-28 15:06 UTC] mattsch at gmail dot com
Updating php version.
 [2007-08-29 12:28 UTC] gcc@php.net
Unfortunately, this defect and most of the others you raised around the same time are related to XML schema validation.  The SDO spec talks about 2 kinds of validation - immediate (make sure things are valid when they're set) and deferred (validate later - either with an explicit call to a validator or as a save option, for example). Some things can't be immediately validated - e.g., if the minOccurs is 3 - but you start out with 0 values, so until you're finished setting all the values the instance will be invalid.  

In SDO for PHP, we do not currently support XML schema validation.  When SDO loads the XML schema, it creates an SDO model from that schema.  The SDO model is not a complete faithful representation of the XML schema.  Setting and getting data from an SDO is performed relative to the SDO model (not the XML schema), and therefore validation against the XML schema is not performed.

SDO does not support strict validation through the DAS either as an explicit act or during writing.  It will ensure the general hierarchal structure is preserved because this is held in the SDO model, and it will also write attributes and elements appropriately, but knowledge of <choice /> restrictions, and so on, is not preserved or enforced.

There has been discussion on the phpsoa google group about validation (http://groups.google.co.uk/group/phpsoa/browse_thread/thread/0697ece05fd15c12/88015bde97870216#88015bde97870216).  The favored solution would be to add an explicit validate() option to the XML DAS.  I'd be interest in your thought as to whether the ideas discussed there would satisfy your requirements.
 [2007-08-29 13:17 UTC] mattsch at gmail dot com
A validate method seems like the best course of action to me.   I am assuming that each time the validate method is called, it would validate what it has up to that point?  I like this method better than a boolean flag because you could potentially validate before you're finished creating the whole document.
 [2017-01-10 08:08 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:08 UTC] kalle@php.net
Suspending this report as the extension have not had a release for almost 9 years.  Please revive this if the extension once again shows life
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jul 14 23:01:30 2024 UTC