php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75421 Invalid values accepted for the SoapHeader actor parameter.
Submitted: 2017-10-23 23:30 UTC Modified: -
From: kguest@php.net Assigned:
Status: Open Package: SOAP related
PHP Version: 7.1.10 OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-10-23 23:30 UTC] kguest@php.net
Description:
------------
As per the spec,the SoapHeader actor attribute/parameter should be an URI/URL.

https://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383499

There is no validation to ensure this is the case.

Test script:
---------------
<?php
$namespace = 'urn:Foo-BAR';
$soapVarHeader = "value";
$invalidURL = "http://127_0_0_1/next";
$soapHeader = new SoapHeader($namespace, "name", $soapVarHeader, false, $invalidURL);
var_dump ($soapHeader);
?>


Expected result:
----------------
var_dump should not execute. A warning should be raised/thrown.

Actual result:
--------------
var_dump displays the following. It shouldn't get that far.

class SoapHeader#1 (5) {
  public $namespace =>
  string(11) "urn:Foo-BAR"
  public $name =>
  string(4) "name"
  public $data =>
  string(5) "value"
  public $mustUnderstand =>
  bool(false)
  public $actor =>
  string(21) "http://127_0_0_1/next"
}


Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Aug 22 04:01:26 2019 UTC