php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #81351 xml_parse may fail, but has no error code
Submitted: 2021-08-11 19:04 UTC Modified: 2021-08-12 14:33 UTC
From: dave dot lampert at rpm6 dot com Assigned: cmb (profile)
Status: Closed Package: *XML functions
PHP Version: 8.0.9 OS: Windows
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dave dot lampert at rpm6 dot com
New email:
PHP Version: OS:

 

 [2021-08-11 19:04 UTC] dave dot lampert at rpm6 dot com
Description:
------------
---
From manual page: https://php.net/function.xml-parse
---
If xml_parse tries to parse XML containing <X xmlns="something">, it sees that "something" doesn't start with "http://" or "https://", so xml_parse returns 0; however, xml_get_error_code also returns 0 ("No error"). This only happens when parsing in fragments near that bad XML namespace.

Test script:
---------------
<?php
class XMLProcessor
{
    public function test()
    {
        $bad_xmlns = true;
        $parser = xml_parser_create_ns('UTF-8');
        xml_set_object($parser, $this);
        $success = xml_parse($parser, '<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><X xmlns="'.($bad_xmlns ? '' : 'http://').'example.org"><', false);
        $code = xml_get_error_code($parser);
        $error = xml_error_string($code);
        echo "xml_parse returned $success, xml_get_error_code = $code, xml_error_string = $error\r\n";
        $success = xml_parse($parser, 'Y>', false);
        $code = xml_get_error_code($parser);
        $error = xml_error_string($code);
        echo "xml_parse returned $success, xml_get_error_code = $code, xml_error_string = $error\r\n";
    }
}
(new XMLProcessor())->test();

Expected result:
----------------
xml_parse returned 1, xml_get_error_code = 0, xml_error_string = No error
xml_parse returned 0, xml_get_error_code = {some number), xml_error_string = {some description}

Actual result:
--------------
xml_parse returned 1, xml_get_error_code = 0, xml_error_string = No error
xml_parse returned 0, xml_get_error_code = 0, xml_error_string = No error

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-08-11 19:08 UTC] dave dot lampert at rpm6 dot com
-Summary: xml_parse errors, but has no error code, when xmlns isn't a FQDN +Summary: xml_parse errs, but has no error code, when xmlns isn't a FQDN
 [2021-08-11 19:08 UTC] dave dot lampert at rpm6 dot com
See also https://paiza.io/projects/YqtMZmN079wvnbHbQcGz_Q to test it out. It won't fail if you combine the two strings and parse all at once.
 [2021-08-12 13:45 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2021-08-12 13:45 UTC] cmb@php.net
I can confirm the behavior.  The problem is the handling of
warnings. xml_get_error_code() returns 0 for these, but
xml_parse() bails out early, if a warning had already been raised.
You can see that when dumping the result of
libxml_get_last_error() after the first xml_parse():

object(LibXMLError)#2 (6) {
  ["level"]=>
  int(1)
  ["code"]=>
  int(100)
  ["column"]=>
  int(239)
  ["message"]=>
  string(39) "xmlns: URI example.org is not absolute
"
  ["file"]=>
  string(0) ""
  ["line"]=>
  int(1)
}

Ah, actually this is a regression by an unappropriate fix for bug
#73135.
 [2021-08-12 14:33 UTC] cmb@php.net
-Summary: xml_parse errs, but has no error code, when xmlns isn't a FQDN +Summary: xml_parse may fail, but has no error code
 [2021-08-12 14:34 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #81351: xml_parse may fail, but has no error code
On GitHub:  https://github.com/php/php-src/pull/7363
Patch:      https://github.com/php/php-src/pull/7363.patch
 [2021-08-13 15:41 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/php-src/commit/80a377e69ba482257547b430a0250e152ff5dc4a
Log: Fix #81351: xml_parse may fail, but has no error code
 [2021-08-13 15:41 UTC] git@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Nov 30 22:03:36 2021 UTC