|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8684 Call to parse_xml causes page load to fail.
Submitted: 2001-01-12 16:05 UTC Modified: 2001-01-12 22:19 UTC
From: csiefert at nh dot ca Assigned:
Status: Closed Package: *XML functions
PHP Version: 4.0.4 OS: Solaris
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: csiefert at nh dot ca
New email:
PHP Version: OS:


 [2001-01-12 16:05 UTC] csiefert at nh dot ca
You can ignore the script if desired because it is an exact duplicate of the final test example contained in the xml parsing documentation on this site.  This script causes a browser message box to appear saying the page cannot be opened due to the server returning an invalid or unrecognized response.

$file = "xmltest.xml";

function trustedFile($file) {
    // only trust local files owned by ourselves
    if (!eregi("^([a-z]+)://", $file) 
        && fileowner($file) == getmyuid()) {
            return true;
    return false;

function startElement($parser, $name, $attribs) {
    print "&lt;<font color=\"#0000cc\">$name</font>";
    if (sizeof($attribs)) {
        while (list($k, $v) = each($attribs)) {
            print " <font color=\"#009900\">$k</font>=\"<font 
    print "&gt;";

function endElement($parser, $name) {
    print "&lt;/<font color=\"#0000cc\">$name</font>&gt;";

function characterData($parser, $data) {
    print "<b>$data</b>";

function PIHandler($parser, $target, $data) {
    switch (strtolower($target)) {
        case "php":
            global $parser_file;
            // If the parsed document is "trusted", we say it is safe
            // to execute PHP code inside it.  If not, display the code
            // instead.
            if (trustedFile($parser_file[$parser])) {
            } else {
                printf("Untrusted PHP code: <i>%s</i>", 

function defaultHandler($parser, $data) {
    if (substr($data, 0, 1) == "&" && substr($data, -1, 1) == ";") {
        printf('<font color="#aa00aa">%s</font>', 
    } else {
        printf('<font size="-1">%s</font>', 

function externalEntityRefHandler($parser, $openEntityNames, $base, $systemId,
                                  $publicId) {
    if ($systemId) {
        if (!list($parser, $fp) = new_xml_parser($systemId)) {
            printf("Could not open entity %s at %s\n", $openEntityNames,
            return false;
        while ($data = fread($fp, 4096)) {
            if (!xml_parse($parser, $data, feof($fp))) {
                printf("XML error: %s at line %d while parsing entity %s\n",
                       xml_get_current_line_number($parser), $openEntityNames);
                return false;
        return true;
    return false;

function new_xml_parser($file) {
    global $parser_file;

    $xml_parser = xml_parser_create();
    xml_parser_set_option($xml_parser, XML_OPTION_CASE_FOLDING, 1);
    xml_set_element_handler($xml_parser, "startElement", "endElement");
    xml_set_character_data_handler($xml_parser, "characterData");
    xml_set_processing_instruction_handler($xml_parser, "PIHandler");
    xml_set_default_handler($xml_parser, "defaultHandler");
    xml_set_external_entity_ref_handler($xml_parser, "externalEntityRefHandler");
    if (!($fp = @fopen($file, "r"))) {
        return false;
    if (!is_array($parser_file)) {
        settype($parser_file, "array");
    $parser_file[$xml_parser] = $file;
    return array($xml_parser, $fp);

if (!(list($xml_parser, $fp) = new_xml_parser($file))) {
    die("could not open XML input");

print "<pre>";
while ($data = fread($fp, 4096)) {
    if (!xml_parse($xml_parser, $data, feof($fp))) {
        die(sprintf("XML error: %s at line %d\n",
print "</pre>";
print "parse complete\n";

echo phpinfo();


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-12 22:19 UTC]
This is fixed in PHP 4.0.4pl1.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jul 22 05:01:29 2024 UTC