php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76719 PECL REST channel returns invalid XML
Submitted: 2018-08-08 02:24 UTC Modified: 2018-08-08 17:35 UTC
From: dzuelke at gmail dot com Assigned:
Status: Open Package: PECL website (PECL)
PHP Version: Irrelevant OS: irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dzuelke at gmail dot com
New email:
PHP Version: OS:

 

 [2018-08-08 02:24 UTC] dzuelke at gmail dot com
Description:
------------
Same again as #58446, #59098, #59666...

Several endpoints in the API return invalid XML, the issue is always the same: weird XML prolog and extra elements in the middle of the document; sometimes just one more time, sometimes more, e.g. one in Authentication, three in Caching:

...
<pi>
<p><n>PAM</n>
 <c>pecl.php.net</c>
 <ca xlink:href="/rest/c/Authentication">Authentication</ca>
 <l>PHP</l>
 <s>PAM integration</s>
 <d>This extension provides PAM (Pluggable Authentication Modules) integration. PAM is a system of libraries that handle the authentication tasks of applications and services. The library provides a stable API for applications to defer to for authentication tasks.</d>
 <r xlink:href="/rest/r/pam"/>
</p><?xml version="1.0" encoding="UTF-8" ?>
<a xmlns="http://pear.php.net/dtd/rest.allreleases"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xlink="http://www.w3.org/1999/xlink"     xsi:schemaLocation="http://pear.php.net/dtd/rest.allreleases
    http://pear.php.net/dtd/rest.allreleases.xsd">
 <p>pam</p>
 <c>pecl.php.net</c>
 <r><v>1.0.3</v><s>stable</s></r>
 <r><v>1.0.2</v><s>stable</s></r>
 <r><v>1.0.1</v><s>stable</s></r>
 <r><v>1.0.0</v><s>stable</s></r>
</a>

The test script below outputs the number of XML prologs for each category that has more than one in the XML.

Test script:
---------------
for f in $(curl https://pecl.php.net/rest/c/categories.xml | grep -o 'c xlink:href="[^"]*' | cut -d'"' -f2 | sed 's/info.xml/packagesinfo.xml/' | sed s#^#https://pecl.php.net#); do { echo -n "$f: "; curl --silent $f | grep '<?xml' | wc -l; } | grep -v 1; done

Actual result:
--------------
https://pecl.php.net/rest/c/Authentication/packagesinfo.xml:        2
https://pecl.php.net/rest/c/Caching/packagesinfo.xml:        4
https://pecl.php.net/rest/c/Database/packagesinfo.xml:        2
https://pecl.php.net/rest/c/File%2BFormats/packagesinfo.xml:        2
https://pecl.php.net/rest/c/GUI/packagesinfo.xml:        2
https://pecl.php.net/rest/c/Images/packagesinfo.xml:        3
https://pecl.php.net/rest/c/Networking/packagesinfo.xml:        3
https://pecl.php.net/rest/c/Numbers/packagesinfo.xml:        2
https://pecl.php.net/rest/c/PHP/packagesinfo.xml:        2
https://pecl.php.net/rest/c/System/packagesinfo.xml:        2
https://pecl.php.net/rest/c/Text/packagesinfo.xml:        2
https://pecl.php.net/rest/c/Web%2BServices/packagesinfo.xml:        2

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-08-08 17:35 UTC] cmb@php.net
It seems to me that this code[1] didn't work as hoped.

[1] <https://github.com/php/web-pecl/blob/da4fe2a/include/pear-rest.php#L133-L139>
 [2018-08-08 21:22 UTC] dzuelke at gmail dot com
Ugh, XML assembled via string concatenation? No wonder this is buggy.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Oct 21 06:01:26 2018 UTC