Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support stream wrappers in XML parser extensions, add external entity loader #3249

Closed
wants to merge 1 commit into from

Commits on Jul 30, 2014

  1. Support stream wrappers in XML parser extensions, add external entity…

    … loader
    
    Summary:
    * Support stream wrappers in SimpleXML, DOM and XMLReader input and
      output filenames.
    * Rename libxml_input_buffer() to libxml_create_input_buffer().
    * Implement userspace function libxml_set_streams_context(), was
      previously missing.
    * Since the VM can now be re-entered during parsing, with libxml2 in the
      call stack with -fomit-frame-pointer, all XML parsing functions must
      be protected with SYNC_VM_REGS_SCOPED().
    * In DOMDocument, don't do File::TranslatePath() on input filenames,
      since they can now be URLs, and translation is now redundant with that
      done by FileStreamWrapper.
    * In simplexml_load_file(), call xmlReadFile() instead of
      f_file_get_contents(), so that the libxml default stream context is
      used. Almost fixes test/zend/bad/ext/libxml/tests/bug54440.php, except
      for a minor error handling issue that should be dealt with by GitHub
      PR facebook#2376.
    * In stream_context_create(), return a default stream context resource
      when the options fail validation, instead of returning false. This
      matches the PHP behaviour and makes
      hphp/test/zend/bad/ext/libxml/tests/bug63389.php pass.
    * Move passing tests to hphp/test/zend/good
    * Add test.xml, copied from PHP 5.6.0-dev, needed by a passing test.
    * Add an external entity loader. This allows the use of "data:" and
      "compress.zlib:" in entities and URIs.
    
    Since loading external entities exposes a number of security issues including
    remote shell execution, it's disabled by default (except for the data: protocol
    which isn't actually external). The new config option is documented in
    doc/inconsistencies.
    
    Submitted on behalf of a third-party: The PHP Group
    Source: PHP 5.6.0-dev
    License: version 3.01 of the PHP license
    
    Closes: facebook#2329
    Closes: facebook#2829
    
    Test Plan: automated tests, new version of zend test to make sure external
    entity loading fails by default
    swtaarrs committed Jul 30, 2014
    Configuration menu
    Copy the full SHA
    0cbe136 View commit details
    Browse the repository at this point in the history