From: aclark at wayfm dot com
Operating system: Gentoo Linux
PHP version: 5.2.12
PHP Bug Type: *General Issues
Bug description: PHP dropping entities
Description:
------------
After a recent PHP upgrade (to 5.2.11-r1), some existing code on a few of
my sites suddenly "broke."
In both instances, it's XML-related PHP code that silently and completely
drops html entities from XML code.
In one instance, it's an RSS feed. "<content:encoded><p>Lorem..."
becomes "<content:encoded>pLorem..."
The (newly) offending code contains the xml_parse_into_struct function.
In the other, it's a CDATA section of an XML-RPC ping. Same problem. The
entity-escaped tags are preserved, but without the surrounding lt and gt
entities, rendering the payload useless.
This code uses DOMDocument::LoadXML and schemaValidate
Searching a bit turned up the desiccated carcass of bug #35271, but
nothing recent that I could find.
Downgraded to PHP 5.2.9-r2. Same problem
Reproduce code:
---------------
libxml_use_internal_errors(true);
$xdoc= new DomDocument;
$xml=$params[1];
if (!$xml) {
xmlrpc_error(10, "No payload detected.");
}
$xmlschema='payload2.xsd';
$xdoc->LoadXML($xml);
if ($xdoc->schemaValidate($xmlschema)) {
Expected result:
----------------
$xml (payload from incoming XML-RPC ping) is successfully validated
against the schema doc), schemaValidate if statement is true, & code inside
is executed.
Actual result:
--------------
Schema validation fails with "The document has no document element." A
dump of the payload reveals that lt and gt entities have been stripped from
the payload: tag attr="true"tag attr="10046"tag /tagtagTag Contents/tagtag
Tag Contents/tag/tag/tag //tag
schemaValidate if statement is false, else code (omitted) is executed,
returning aforementioned error to RPC client.
--
Edit bug report at http://bugs.php.net/?id=50545&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=50545&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=50545&r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=50545&r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=50545&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=50545&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=50545&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=50545&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=50545&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=50545&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=50545&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=50545&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=50545&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=50545&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=50545&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50545&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=50545&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=50545&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=50545&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=50545&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=50545&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=50545&r=mysqlcfg
