php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73053 XML reader with setSchema now fails under 5.6.25
Submitted: 2016-09-09 04:49 UTC Modified: 2017-08-16 16:30 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: bruceleister at gmail dot com Assigned:
Status: Suspended Package: XML Reader
PHP Version: 5.6.25 OS: Windows Server 2012R2 Standard
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-09-09 04:49 UTC] bruceleister at gmail dot com
Description:
------------
The bit of code below has always been used to verify incoming XML against a Schema XSD file.

It worked fine under 5.6.22, and last 3 years, but after upgrade to 5.6.25 would get the schema mis-matches shown below, note all the values it was testing are shown as blank, in the message, but are there in the XML file.

I can send sample XML and XSD files if required


Test script:
---------------
$xml = new XMLReader();
if(!$xml->open($dir.$file,null,LIBXML_PARSEHUGE)){
  logging('Unable to Open XML file (Full Parse 1):'.$dir.$file);
  return false;
}
$xml->setSchema($xsd_dir.$xsd);
while($xml->read()){
}


Actual result:
--------------
XSD: Element 'request', attribute 'schema_version': '' is not a valid value of the atomic type 'xs:decimal'.
Element 'request', attribute 'schema_id': The value '(null)' does not match the fixed value constraint 'WBC-CSR-Request.xsd'.
Element 'request', attribute 'requestor': The value '(null)' does not match the fixed value constraint 'WBC-RFS'.
Element 'service', attribute 'requestType': [facet 'enumeration'] The value '' is not an element of the set {'Catalogue', 'Bespoke', 'Defined', 'Other'}.
Element 'service', attribute 'requestType': '' is not a valid value of the atomic type 'sr_type'.
Element 'service', attribute 'requestId': [facet 'length'] The value '' has a length of '0'; this differs from the allowed length of '15'.
Element 'service', attribute 'requestId': '' is not a valid value of the atomic type 'sr_id_type'.
Element 'project', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'bau', 'project'}.
Element 'project', attribute 'type': '' is not a valid value of the atomic type 'sr_project_type'.
Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.
Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.
Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.
Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.
Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.
Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.
Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.
Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.
Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.
Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.
Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.
Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.
Element 'SLAs', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.
Element 'workinfos', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.
Element 'workinfo', attribute 'date': '' is not a valid value of the atomic type 'xs:dateTime'.
Element 'workinfo', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'External Dependancy', 'Notes for the Vendor', 'SLA Notes for the Vendor'}.
Element 'workinfo', attribute 'type': '' is not a valid value of the atomic type 'csr_workinfo_request_type'.
Element 'attachments', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.
Element 'attachment', attribute 'date': '' is not a valid value of the atomic type 'xs:dateTime'.
Element 'attachment', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'Service Plan', 'Test Plan', 'Test Results', 'Customer Survey'}.
Element 'attachment', attribute 'type': '' is not a valid value of the atomic type 'csr_attachment_request_type'.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-09 18:20 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2016-09-09 18:20 UTC] cmb@php.net
There haven't been any relevant changes to XMLReader for years (at
least in the PHP-5.6 branch)[1]. The behavioral change might
simply be caused by an updated libxml.

Anyhow, it would be helpful if you could make sample XML and XSD
files available.

[1] <https://github.com/php/php-src/commits/PHP-5.6/ext/xmlreader>
 [2016-09-10 00:39 UTC] bruceleister at gmail dot com
Thanks for looking at this,

I saw the point increase of libXMl2, but I'm running on Windows pre-build binaries, so can not change the build.

I have sent sample files via email from my work's email
 [2016-09-10 00:53 UTC] cmb@php.net
-Status: Feedback +Status: Open
 [2016-09-10 00:53 UTC] cmb@php.net
Thanks! I'll have a look at it ASAP.
 [2016-09-10 15:19 UTC] cmb@php.net
-Status: Assigned +Status: Analyzed
 [2016-09-10 15:19 UTC] cmb@php.net
I can reproduce the issue as of PHP 5.6.23. The culprit is libxml2
2.9.4, which introduced a severe regression with regard to XSD
schema validation[1].

As libxml2 2.9.4 fixed several security issues, I don't think it
would be good to switch back to 2.9.3 for now, but perhaps a
bugfix in winlibs/libxml2[2] would be appropriate, so that PHP
5.6.26+ could be shipped with working XSD validation even if no
new libxml2 version would be released in the meantime).

[1] <https://bugzilla.gnome.org/show_bug.cgi?id=766834>
[2] <https://github.com/winlibs/libxml2>
 [2016-09-10 19:38 UTC] cmb@php.net
I have submitted PR <https://github.com/winlibs/libxml2/pull/2>.

I'm suspending this ticket until the issue will be fixed with a
new libxml2 release.
 [2016-09-10 19:38 UTC] cmb@php.net
-Status: Analyzed +Status: Suspended
 [2016-09-10 22:24 UTC] cmb@php.net
Added a test case: <http://git.php.net/?p=php-src.git;a=commit;h=326a4e38>.
 [2017-08-16 16:30 UTC] cmb@php.net
-Assigned To: cmb +Assigned To:
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Oct 19 12:01:27 2019 UTC