php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73053 XML reader with setSchema now fails under 5.6.25
Submitted: 2016-09-09 04:49 UTC Modified: 2017-08-16 16:30 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: bruceleister at gmail dot com Assigned:
Status: Suspended Package: XML Reader
PHP Version: 5.6.25 OS: Windows Server 2012R2 Standard
Private report: No CVE-ID: None
 [2016-09-09 04:49 UTC] bruceleister at gmail dot com
Description:
------------
The bit of code below has always been used to verify incoming XML against a Schema XSD file.

It worked fine under 5.6.22, and last 3 years, but after upgrade to 5.6.25 would get the schema mis-matches shown below, note all the values it was testing are shown as blank, in the message, but are there in the XML file.

I can send sample XML and XSD files if required


Test script:
---------------
$xml = new XMLReader();
if(!$xml->open($dir.$file,null,LIBXML_PARSEHUGE)){
  logging('Unable to Open XML file (Full Parse 1):'.$dir.$file);
  return false;
}
$xml->setSchema($xsd_dir.$xsd);
while($xml->read()){
}


Actual result:
--------------
XSD: Element 'request', attribute 'schema_version': '' is not a valid value of the atomic type 'xs:decimal'.
Element 'request', attribute 'schema_id': The value '(null)' does not match the fixed value constraint 'WBC-CSR-Request.xsd'.
Element 'request', attribute 'requestor': The value '(null)' does not match the fixed value constraint 'WBC-RFS'.
Element 'service', attribute 'requestType': [facet 'enumeration'] The value '' is not an element of the set {'Catalogue', 'Bespoke', 'Defined', 'Other'}.
Element 'service', attribute 'requestType': '' is not a valid value of the atomic type 'sr_type'.
Element 'service', attribute 'requestId': [facet 'length'] The value '' has a length of '0'; this differs from the allowed length of '15'.
Element 'service', attribute 'requestId': '' is not a valid value of the atomic type 'sr_id_type'.
Element 'project', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'bau', 'project'}.
Element 'project', attribute 'type': '' is not a valid value of the atomic type 'sr_project_type'.
Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.
Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.
Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.
Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.
Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.
Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.
Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.
Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.
Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.
Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.
Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.
Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.
Element 'SLAs', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.
Element 'workinfos', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.
Element 'workinfo', attribute 'date': '' is not a valid value of the atomic type 'xs:dateTime'.
Element 'workinfo', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'External Dependancy', 'Notes for the Vendor', 'SLA Notes for the Vendor'}.
Element 'workinfo', attribute 'type': '' is not a valid value of the atomic type 'csr_workinfo_request_type'.
Element 'attachments', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.
Element 'attachment', attribute 'date': '' is not a valid value of the atomic type 'xs:dateTime'.
Element 'attachment', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'Service Plan', 'Test Plan', 'Test Results', 'Customer Survey'}.
Element 'attachment', attribute 'type': '' is not a valid value of the atomic type 'csr_attachment_request_type'.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-09 18:20 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2016-09-09 18:20 UTC] cmb@php.net
There haven't been any relevant changes to XMLReader for years (at
least in the PHP-5.6 branch)[1]. The behavioral change might
simply be caused by an updated libxml.

Anyhow, it would be helpful if you could make sample XML and XSD
files available.

[1] <https://github.com/php/php-src/commits/PHP-5.6/ext/xmlreader>
 [2016-09-10 00:39 UTC] bruceleister at gmail dot com
Thanks for looking at this,

I saw the point increase of libXMl2, but I'm running on Windows pre-build binaries, so can not change the build.

I have sent sample files via email from my work's email
 [2016-09-10 00:53 UTC] cmb@php.net
-Status: Feedback +Status: Open
 [2016-09-10 00:53 UTC] cmb@php.net
Thanks! I'll have a look at it ASAP.
 [2016-09-10 15:19 UTC] cmb@php.net
-Status: Assigned +Status: Analyzed
 [2016-09-10 15:19 UTC] cmb@php.net
I can reproduce the issue as of PHP 5.6.23. The culprit is libxml2
2.9.4, which introduced a severe regression with regard to XSD
schema validation[1].

As libxml2 2.9.4 fixed several security issues, I don't think it
would be good to switch back to 2.9.3 for now, but perhaps a
bugfix in winlibs/libxml2[2] would be appropriate, so that PHP
5.6.26+ could be shipped with working XSD validation even if no
new libxml2 version would be released in the meantime).

[1] <https://bugzilla.gnome.org/show_bug.cgi?id=766834>
[2] <https://github.com/winlibs/libxml2>
 [2016-09-10 19:38 UTC] cmb@php.net
I have submitted PR <https://github.com/winlibs/libxml2/pull/2>.

I'm suspending this ticket until the issue will be fixed with a
new libxml2 release.
 [2016-09-10 19:38 UTC] cmb@php.net
-Status: Analyzed +Status: Suspended
 [2016-09-10 22:24 UTC] cmb@php.net
Added a test case: <http://git.php.net/?p=php-src.git;a=commit;h=326a4e38>.
 [2017-08-16 16:30 UTC] cmb@php.net
-Assigned To: cmb +Assigned To:
 [2023-08-10 13:22 UTC] asdasuh at gmail dot com
'Test Results,' 'Customer Survey' is well executed and written. 
Recently, I had to take my publix Customer Experience survey at the official survey portal Publixsurvey.online to share my honest feedback about the shopping experience. After shopping, Don't miss the chance to win a $1000 Sweepstakes Gift card by taking the Publix Survey.
Survey portal for publix customers https://github.com.php)(https://publixsurvey.online/)
 [2024-04-08 16:47 UTC] receiptify7 at gmail dot com
https://github.com.php)(https://publixsurvey.cloud/)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Nov 25 06:01:32 2024 UTC