Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.1.5

Bug #16301 Invalid XML response from server will crash PHP
Submitted: 2009-06-07 17:48 UTC
From: soryu2 Assigned: doconnor
Status: Closed Package: XML_RPC2 (version 1.0.5)
PHP Version: 5.2.9 OS: Mac OX X.5.7
Roadmaps: (Not assigned)    
Subscription  


 [2009-06-07 17:48 UTC] soryu2 (Stanley Rost)
Description: ------------ PHP Backend of xmlrpc client does not check for valid XML response. It uses simplexml_load_string($body) in RPC2/Backend/PHP/Client.php line 114 and passes the result unchecked to XML_RPC2_Backend_Php_Response::decode which access the argument as an object. But simplexml_load_string may return FALSE in which case PHP bellies up and just plain exits without any error or exception. Using the xmlrpc ext backend works (it does not crash/exit PHP) but is not an option for me as it garbles multibyte characters. Real life errors that could cause this behaviour is the PHP crashing on the server (because of a bug in call handler code or otherwise) or Memory limit exceeded. Test script: --------------- Client: http://pastie.textmate.org/503464 Server: http://pastie.textmate.org/503465 Expected result: ---------------- Print: Done Actual result: -------------- PHP stops execution in RPC2/Backend/PHP/Reponse.php line 127 when trying to execute method `xpath` on `false`

Comments

 [2009-06-08 09:57 UTC] doconnor (Daniel O'Connor)
-Status: Open +Status: Verified
That should really be: http://au2.php.net/manual/en/function.simplexml-element-construct.php so it throws exceptions. Thanks Stanley!
 [2009-06-08 10:01 UTC] doconnor (Daniel O'Connor)
The following patch has been added/updated: Patch Name: Client.php Revision: 1244437295 URL: http://pear.php.net/bugs/patch-display.php?bug=16301&patch=Client.php&revision=1244437295&display=1
 [2009-06-08 10:02 UTC] doconnor (Daniel O'Connor)
Oops, looks like a bunch of tabs to spaces fixed snuck in there too.
 [2010-02-22 12:14 UTC] doconnor (Daniel O'Connor)
-Status: Verified +Status: Closed -Assigned To: +Assigned To: doconnor
This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.