diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2018-10-09 16:04:43 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2018-10-09 16:04:43 +0200 |
| commit | 2845f859c19965691855c66bc18d94a4e06ff329 (patch) | |
| tree | f303f79d3495ac282035d9b73623d553333d8158 | |
| parent | f42d7bddc0479651ecf7f9cdf375bba74b609bea (diff) | |
| download | php-git-2845f859c19965691855c66bc18d94a4e06ff329.tar.gz | |
Fix #30875: xml_parse_into_struct() does not resolve entities
Setting up an empty default handler is not only useless, but actually
harmful, since internal entity-references are not resolved anymore.
From the libexpat docs[1]:
| Setting the handler with this call has the side effect of
| turning off expansion of references to internally defined general
| entities. Instead these references are passed to the default
| handler.
[1] <https://www.xml.com/pub/1999/09/expat/reference.html#setdefhandler>
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | ext/xml/tests/bug30875.phpt | 42 | ||||
| -rw-r--r-- | ext/xml/xml.c | 1 |
3 files changed, 45 insertions, 1 deletions
@@ -26,6 +26,9 @@ PHP NEWS . Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace). (Pierrick) +- XML: + . Fixed bug #30875 (xml_parse_into_struct() does not resolve entities). (cmb) + 11 Oct 2018, PHP 7.1.23 - Core: diff --git a/ext/xml/tests/bug30875.phpt b/ext/xml/tests/bug30875.phpt new file mode 100644 index 0000000000..c5254e9668 --- /dev/null +++ b/ext/xml/tests/bug30875.phpt @@ -0,0 +1,42 @@ +--TEST-- +Bug #30875 (xml_parse_into_struct() does not resolve entities) +--SKIPIF-- +<?php +if (!extension_loaded('xml')) die('skip xml extension not available'); +?> +--FILE-- +<?php + +$xml = <<<XML +<!DOCTYPE dtd [ + <!ENTITY ref "ent"> +]> +<elt att="&ref;">a&ref;</elt> +XML; + +$parser = xml_parser_create(); +xml_parse_into_struct($parser, $xml, $vals); +xml_parser_free($parser); +var_dump($vals); +?> +===DONE=== +--EXPECT-- +array(1) { + [0]=> + array(5) { + ["tag"]=> + string(3) "ELT" + ["type"]=> + string(8) "complete" + ["level"]=> + int(1) + ["attributes"]=> + array(1) { + ["ATT"]=> + string(3) "ent" + } + ["value"]=> + string(4) "aent" + } +} +===DONE=== diff --git a/ext/xml/xml.c b/ext/xml/xml.c index 09a7738205..494c347201 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -1447,7 +1447,6 @@ PHP_FUNCTION(xml_parse_into_struct) parser->level = 0; parser->ltags = safe_emalloc(XML_MAXLEVEL, sizeof(char *), 0); - XML_SetDefaultHandler(parser->parser, _xml_defaultHandler); XML_SetElementHandler(parser->parser, _xml_startElementHandler, _xml_endElementHandler); XML_SetCharacterDataHandler(parser->parser, _xml_characterDataHandler); |