Skip to content

Commit

Permalink
Merge pull request #527 from nextcloud/fix/sabre-parse-xml-errors
Browse files Browse the repository at this point in the history
Update sabre/xml to fix XML parsing errors (with empty strings)
  • Loading branch information
MorrisJobke authored Nov 20, 2020
2 parents a7e8c63 + fdedd5a commit 8d7a96c
Show file tree
Hide file tree
Showing 8 changed files with 71 additions and 45 deletions.
16 changes: 9 additions & 7 deletions composer.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

20 changes: 11 additions & 9 deletions composer/installed.json
Original file line number Diff line number Diff line change
Expand Up @@ -1129,7 +1129,8 @@
"homepage": "https://www.doctrine-project.org/projects/reflection.html",
"keywords": [
"reflection"
]
],
"abandoned": "roave/better-reflection"
},
{
"name": "egulias/email-validator",
Expand Down Expand Up @@ -4023,32 +4024,33 @@
},
{
"name": "sabre/xml",
"version": "2.2.0",
"version_normalized": "2.2.0.0",
"version": "2.2.3",
"version_normalized": "2.2.3.0",
"source": {
"type": "git",
"url": "https://github.com/sabre-io/xml.git",
"reference": "705f5cbf7f4fb1e3dd47173e3f026892818c8d46"
"reference": "c3b959f821c19b36952ec4a595edd695c216bfc6"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sabre-io/xml/zipball/705f5cbf7f4fb1e3dd47173e3f026892818c8d46",
"reference": "705f5cbf7f4fb1e3dd47173e3f026892818c8d46",
"url": "https://api.github.com/repos/sabre-io/xml/zipball/c3b959f821c19b36952ec4a595edd695c216bfc6",
"reference": "c3b959f821c19b36952ec4a595edd695c216bfc6",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-xmlreader": "*",
"ext-xmlwriter": "*",
"lib-libxml": ">=2.6.20",
"php": "^7.1",
"php": "^7.1 || ^8.0",
"sabre/uri": ">=1.0,<3.0.0"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "~2.16.1",
"phpunit/phpunit": "^7 || ^8"
"phpstan/phpstan": "^0.12",
"phpunit/phpunit": "^7.5 || ^8.5 || ^9.0"
},
"time": "2020-01-31T18:52:58+00:00",
"time": "2020-10-03T10:08:14+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
Expand Down
14 changes: 0 additions & 14 deletions sabre/xml/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,18 +5,4 @@ composer.lock
# Tests
tests/cov
tests/.phpunit.result.cache
.*.swp

# Composer binaries
bin/phpunit
bin/php-cs-fixer
bin/phpstan
bin/phpstan.phar

# Vim
.*.swp

# IDEs
/.idea

.php_cs.cache
14 changes: 14 additions & 0 deletions sabre/xml/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,20 @@
ChangeLog
=========

2.2.3 (2020-10-03)
------------------
* #191: add changelog and version bump that was missed in 2.2.2

2.2.2 (2020-10-03)
------------------
* #190: adjust libxml_disable_entity_loader calls ready for PHP 8.0 (@phil-davis)

2.2.1 (2020-05-11)
------------------

* #183: fixed warning 'xml cannot be empty while reading', which might lead to a infinite-loop (@mrow4a)
* #179, #178, #177 #176: several build/continous integration related improvements (@phil-davis)

2.2.0 (2020-01-31)
------------------

Expand Down
22 changes: 18 additions & 4 deletions sabre/xml/composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"homepage" : "https://sabre.io/xml/",
"license" : "BSD-3-Clause",
"require" : {
"php" : "^7.1",
"php" : "^7.1 || ^8.0",
"ext-xmlwriter" : "*",
"ext-xmlreader" : "*",
"ext-dom" : "*",
Expand Down Expand Up @@ -45,9 +45,23 @@
},
"require-dev": {
"friendsofphp/php-cs-fixer": "~2.16.1",
"phpunit/phpunit" : "^7 || ^8"
"phpstan/phpstan": "^0.12",
"phpunit/phpunit" : "^7.5 || ^8.5 || ^9.0"
},
"config" : {
"bin-dir" : "bin/"
"scripts": {
"phpstan": [
"phpstan analyse lib tests"
],
"cs-fixer": [
"php-cs-fixer fix"
],
"phpunit": [
"phpunit --configuration tests/phpunit.xml"
],
"test": [
"composer phpstan",
"composer cs-fixer",
"composer phpunit"
]
}
}
10 changes: 8 additions & 2 deletions sabre/xml/lib/Reader.php
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,11 @@ public function getClark()
*/
public function parse(): array
{
$previousEntityState = libxml_disable_entity_loader(true);
$previousEntityState = null;
$shouldCallLibxmlDisableEntityLoader = (\PHP_VERSION_ID < 80000);
if ($shouldCallLibxmlDisableEntityLoader) {
$previousEntityState = libxml_disable_entity_loader(true);
}
$previousSetting = libxml_use_internal_errors(true);

try {
Expand All @@ -78,7 +82,9 @@ public function parse(): array
}
} finally {
libxml_use_internal_errors($previousSetting);
libxml_disable_entity_loader($previousEntityState);
if ($shouldCallLibxmlDisableEntityLoader) {
libxml_disable_entity_loader($previousEntityState);
}
}

return $result;
Expand Down
18 changes: 10 additions & 8 deletions sabre/xml/lib/Service.php
Original file line number Diff line number Diff line change
Expand Up @@ -115,12 +115,13 @@ public function parse($input, string $contextUri = null, string &$rootElementNam
// Unfortunately the XMLReader doesn't support streams. When it
// does, we can optimize this.
$input = (string) stream_get_contents($input);
}

// If input is an empty string, then its safe to throw exception
if ('' === $input) {
throw new ParseException('The input element to parse is empty. Do not attempt to parse');
}
// If input is empty, then its safe to throw exception
if (empty($input)) {
throw new ParseException('The input element to parse is empty. Do not attempt to parse');
}

$r = $this->getReader();
$r->contextUri = $contextUri;
$r->XML($input, null, $this->options);
Expand Down Expand Up @@ -158,12 +159,13 @@ public function expect($rootElementName, $input, string $contextUri = null)
// Unfortunately the XMLReader doesn't support streams. When it
// does, we can optimize this.
$input = (string) stream_get_contents($input);
}

// If input is empty string, then its safe to throw exception
if ('' === $input) {
throw new ParseException('The input element to parse is empty. Do not attempt to parse');
}
// If input is empty, then its safe to throw exception
if (empty($input)) {
throw new ParseException('The input element to parse is empty. Do not attempt to parse');
}

$r = $this->getReader();
$r->contextUri = $contextUri;
$r->XML($input, null, $this->options);
Expand Down
2 changes: 1 addition & 1 deletion sabre/xml/lib/Version.php
Original file line number Diff line number Diff line change
Expand Up @@ -16,5 +16,5 @@ class Version
/**
* Full version number.
*/
const VERSION = '2.2.0';
const VERSION = '2.2.3';
}

0 comments on commit 8d7a96c

Please sign in to comment.