PHP :: Doc Bug #75421 :: Invalid values accepted for the SoapHeader actor parameter.

Doc Bug #75421	Invalid values accepted for the SoapHeader actor parameter.
Submitted:	2017-10-23 23:30 UTC	Modified:	2021-03-23 14:53 UTC
From:	kguest@php.net	Assigned:
Status:	Open	Package:	SOAP related
PHP Version:	7.1.10	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	kguest@php.net
New email:
PHP Version:		OS:

New/Additional Comment:

[2017-10-23 23:30 UTC] kguest@php.net

Description:
------------
As per the spec,the SoapHeader actor attribute/parameter should be an URI/URL.

https://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383499

There is no validation to ensure this is the case.

Test script:
---------------
<?php
$namespace = 'urn:Foo-BAR';
$soapVarHeader = "value";
$invalidURL = "http://127_0_0_1/next";
$soapHeader = new SoapHeader($namespace, "name", $soapVarHeader, false, $invalidURL);
var_dump ($soapHeader);
?>


Expected result:
----------------
var_dump should not execute. A warning should be raised/thrown.

Actual result:
--------------
var_dump displays the following. It shouldn't get that far.

class SoapHeader#1 (5) {
  public $namespace =>
  string(11) "urn:Foo-BAR"
  public $name =>
  string(4) "name"
  public $data =>
  string(5) "value"
  public $mustUnderstand =>
  bool(false)
  public $actor =>
  string(21) "http://127_0_0_1/next"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-03-23 14:53 UTC] cmb@php.net

-Type: Bug +Type: Documentation Problem

[2021-03-23 14:53 UTC] cmb@php.net

I can confirm the behavior.  However, it appears to be debatable
whether it's the responsibility of the user to pass an URI, or
whether SoapHeader::__construct() should reject anything else.
Obviously, the implementation is intentionally liberal[1], and
changing this might break some code.

IMO, we should primarily document this.

[1] <https://github.com/php/php-src/blob/php-7.4.16/ext/soap/soap.c#L841-L851>

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 04:01:27 2024 UTC