This repository has been archived by the owner on Apr 28, 2020. It is now read-only.

Showing 3 changed files with 37 additions and 7 deletions.
19 changes: 17 additions & 2 deletions src/Fault.php
@@ -10,6 +10,8 @@

namespace Zend\XmlRpc;

use SimpleXMLElement;

/**
* XMLRPC Faults
*
@@ -171,7 +173,7 @@ public function getEncoding()
* @param string $fault
* @return boolean Returns true if successfully loaded fault response, false
* if response was not a fault response
* @throws \Zend\XmlRpc\Exception\ExceptionInterface if no or faulty XML provided, or if fault
* @throws Exception\ExceptionInterface if no or faulty XML provided, or if fault
* response does not contain either code or message
*/
public function loadXml($fault)
@@ -180,12 +182,25 @@ public function loadXml($fault)
throw new Exception\InvalidArgumentException('Invalid XML provided to fault');
}

$xmlErrorsFlag = libxml_use_internal_errors(true);
try {
$xml = new \SimpleXMLElement($fault);
$xml = new SimpleXMLElement($fault);
} catch (\Exception $e) {
// Not valid XML
throw new Exception\InvalidArgumentException('Failed to parse XML fault: ' . $e->getMessage(), 500, $e);
}
if (!$xml instanceof SimpleXMLElement) {
$errors = libxml_get_errors();
$errors = array_reduce($errors, function ($result, $item) {
if (empty($result)) {
return $item->message;
}
return $result . '; ' . $item->message;
}, '');
libxml_use_internal_errors($xmlErrorsFlag);
throw new Exception\InvalidArgumentException('Failed to parse XML fault: ' . $errors, 500);
}
libxml_use_internal_errors($xmlErrorsFlag);

// Check for fault
if (!$xml->fault) {
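Review bot: The `catch (\Exception $e)` branch rethrows without calling `libxml_use_internal_errors($xmlErrorsFlag);`, so a parse failure leaves libxml's process-wide internal-error mode switched on for whatever code runs next. Since `new SimpleXMLElement($fault)` throws on unparsable input rather than returning a non-object, that catch is the path malformed faults actually take, and the added `!$xml instanceof SimpleXMLElement` branch looks unreachable; restore the flag as the first statement of the catch. Separately, the visible lines parse `$fault` with no entity-loader or DOCTYPE guard of the kind `Request::loadXml` applies (ZF-12293), and a fault body originates from the remote server, so it is worth confirming the same protection covers this path. `loadXml` begins and continues outside the hunk.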
23 changes: 19 additions & 4 deletions src/Request.php
@@ -10,6 +10,10 @@

namespace Zend\XmlRpc;

use DOMDocument;
use SimpleXMLElement;
use Zend\Stdlib\ErrorHandler;

/**
* XmlRpc Request object
*
@@ -284,9 +288,10 @@ public function loadXml($request)
}

// @see ZF-12293 - disable external entities for security purposes
$loadEntities = libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlErrorsFlag = libxml_use_internal_errors(true);
try {
$dom = new \DOMDocument;
$dom = new DOMDocument;
$dom->loadXML($request);
foreach ($dom->childNodes as $child) {
if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
@@ -295,14 +300,24 @@ public function loadXml($request)
);
}
}
$xml = simplexml_import_dom($dom);
//$xml = new \SimpleXMLElement($request);
ErrorHandler::start();
$xml = simplexml_import_dom($dom);
$error = ErrorHandler::stop();
libxml_disable_entity_loader($loadEntities);
libxml_use_internal_errors($xmlErrorsFlag);
} catch (\Exception $e) {
// Not valid XML
$this->fault = new Fault(631);
$this->fault->setEncoding($this->getEncoding());
libxml_disable_entity_loader($loadEntities);
libxml_use_internal_errors($xmlErrorsFlag);
return false;
}
if (!$xml instanceof SimpleXMLElement || $error) {
// Not valid XML
$this->fault = new Fault(631);
$this->fault->setEncoding($this->getEncoding());
libxml_use_internal_errors($xmlErrorsFlag);
return false;
}

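Review bot: The return value of `$dom->loadXML($request)` is still ignored, and with `libxml_use_internal_errors(true)` now in effect a malformed body fails silently at that call; it appears to be rejected only indirectly, through the warning `simplexml_import_dom($dom)` raises on the resulting empty document. An explicit `if (!$dom->loadXML($request)) { throw new Exception\InvalidArgumentException('Invalid XML'); }` inside the try would route it to the existing fault 631 handling without depending on that side effect. The collected libxml errors are also never discarded here or in `Fault::loadXml`; calling `libxml_clear_errors();` before each restore keeps the buffer from growing in long-running workers. `loadXml` begins and continues outside the hunk.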
2 changes: 1 addition & 1 deletion src/Server.php
@@ -172,8 +172,8 @@ public function __call($method, $params)
*
* @param string|array|callable $function Valid callback
* @param string $namespace Optional namespace prefix
* @throws Server\Exception\InvalidArgumentException
* @return void
* @throws \Zend\XmlRpc\Exception\InvalidArgumentException
*/
public function addFunction($function, $namespace = '')
{
