
Merge branch '2.0'

* 2.0:
  updated VERSION for 2.0.17
  updated CHANGELOG for 2.0.17
  updated vendors for 2.0.17
  fixed XML decoding attack vector through external entities
  prevents injection of malicious doc types
  disabled network access when loading XML documents
  refined previous commit
  prevents injection of malicious doc types
  standardized the way we handle XML errors
  Redirects are now absolute

Conflicts:
	CHANGELOG-2.0.md
	src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
	src/Symfony/Component/DomCrawler/Crawler.php
	src/Symfony/Component/HttpKernel/Kernel.php
	tests/Symfony/Tests/Component/DependencyInjection/Loader/XmlFileLoaderTest.php
	tests/Symfony/Tests/Component/Routing/Loader/XmlFileLoaderTest.php
	tests/Symfony/Tests/Component/Serializer/Encoder/XmlEncoderTest.php
	tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php
	tests/Symfony/Tests/Component/Validator/Mapping/Loader/XmlFileLoaderTest.php
	vendors.php
2 parents f86274c + b5a30be commit bc926aea16a6a19f55c7e6a77b6d4223ca0620d9 @fabpot fabpot committed Aug 28, 2012
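--- a/Mapping/Loader/XmlFileLoader.php
+++ b/Mapping/Loader/XmlFileLoader.php
@@ -184,22 +184,38 @@ protected function parseOptions(\SimpleXMLElement $nodes)
 */
 protected function parseFile($file)
 {
+ $internalErrors = libxml_use_internal_errors(true);
+ $disableEntities = libxml_disable_entity_loader(true);
+ libxml_clear_errors();
+
 $dom = new \DOMDocument();
- libxml_use_internal_errors(true);
- if (!$dom->load($file, defined('LIBXML_COMPACT') ? LIBXML_COMPACT : 0)) {
- throw new MappingException(implode("\n", $this->getXmlErrors()));
+ $dom->validateOnParse = true;
+ if (!$dom->loadXML(file_get_contents($file), LIBXML_NONET | (defined('LIBXML_COMPACT') ? LIBXML_COMPACT : 0))) {
+ libxml_disable_entity_loader($disableEntities);
+
+ throw new MappingException(implode("\n", $this->getXmlErrors($internalErrors)));
 }
+
+ libxml_disable_entity_loader($disableEntities);
+
 if (!$dom->schemaValidate(__DIR__.'/schema/dic/constraint-mapping/constraint-mapping-1.0.xsd')) {
- throw new MappingException(implode("\n", $this->getXmlErrors()));
+ throw new MappingException(implode("\n", $this->getXmlErrors($internalErrors)));
 }
- $dom->validateOnParse = true;
+
 $dom->normalizeDocument();
- libxml_use_internal_errors(false);
+
+ libxml_use_internal_errors($internalErrors);
+
+ foreach ($dom->childNodes as $child) {
+ if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+ throw new MappingException('Document types are not allowed.');
+ }
+ }
 return simplexml_import_dom($dom);
 }
- protected function getXmlErrors()
+ protected function getXmlErrors($internalErrors)
 {
 $errors = array();
 foreach (libxml_get_errors() as $error) {
@@ -214,7 +230,7 @@ protected function getXmlErrors()
 }
 libxml_clear_errors();
- libxml_use_internal_errors(false);
+ libxml_use_internal_errors($internalErrors);
 return $errors;
 }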
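Review bot: The DOCTYPE rejection at the end of parseFile (the childNodes loop just before the return) runs only after loadXML has already parsed the document with validateOnParse enabled, and after schemaValidate and normalizeDocument have processed it, so the parser has consumed whatever the DOCTYPE declared before the file is refused; moving the check directly after the loadXML success path, with `$dom->doctype` in place of the childNodes scan, stops the schema and normalisation passes from running on a document that will be rejected anyway and keeps the rejection next to the parse it guards. The rewrite below restores the libxml error state before throwing, as the other failure branches do, and the childNodes loop is dropped. Separately, feeding loadXML from file_get_contents means an unreadable file reaches the parser as `false`; if I read it right, the resulting MappingException then carries no libxml message for the I/O failure, so a `false === ($content = file_get_contents($file))` guard with an explicit message would keep the earlier diagnostic. I would also confirm whether validateOnParse on a DTD-less document leaves a "no DTD found" validity error in the libxml buffer, since getXmlErrors would then report it alongside genuine schema errors on the schemaValidate failure path.
```php
// … unchanged: libxml setup, loadXML() and its failure branch …
libxml_disable_entity_loader($disableEntities);

// Refuse a DOCTYPE before any further processing; the parser has already
// consumed it, so this bounds what is done with the result, not the parse.
if (null !== $dom->doctype) {
    libxml_clear_errors();
    libxml_use_internal_errors($internalErrors);

    throw new MappingException('Document types are not allowed.');
}

// … unchanged: schemaValidate(), normalizeDocument(), restore of internal errors, return …
```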
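--- a/Tests/Mapping/Loader/XmlFileLoaderTest.php
+++ b/Tests/Mapping/Loader/XmlFileLoaderTest.php
@@ -80,4 +80,16 @@ public function testLoadGroupSequenceProvider()
 $this->assertEquals($expected, $metadata);
 }
+
+ /**
+ * @expectedException Symfony\Component\Validator\Exception\MappingException
+ * @expectedExceptionMessage Document types are not allowed.
+ */
+ public function testDocTypeIsNotAllowed()
+ {
+ $loader = new XmlFileLoader(__DIR__.'/withdoctype.xml');
+ $metadata = new ClassMetadata('Symfony\Component\Validator\Tests\Fixtures\Entity');
+
+ $loader->loadClassMetadata($metadata);
+ }
 }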
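Review bot: The ClassMetadata in testDocTypeIsNotAllowed is built for `Symfony\Component\Validator\Tests\Fixtures\Entity`, while the new withdoctype.xml fixture declares `Symfony\Tests\Component\Validator\Fixtures\Entity`; the test passes only because parseFile throws before any class lookup happens, so the mismatch is invisible here but would surface as soon as the fixture is reused. Aligning the fixture's class name with the one the test uses keeps the fixture valid on its own. The test also pins the failure solely through @expectedException/@expectedExceptionMessage, which covers the message but leaves the restoration of the libxml handlers after the throw unverified; a try/catch with an assertion on `libxml_use_internal_errors()` afterwards would close that gap.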
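--- a/Tests/Mapping/Loader/withdoctype.xml
+++ b/Tests/Mapping/Loader/withdoctype.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo>
+<constraint-mapping xmlns="http://symfony.com/schema/dic/constraint-mapping"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://symfony.com/schema/dic/constraint-mapping http://symfony.com/schema/dic/services/constraint-mapping-1.0.xsd">
+ <class name="Symfony\Tests\Component\Validator\Fixtures\Entity" />
+</constraint-mapping>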
