Your comment was added to the bug successfully.
| Bug#73053 | XML reader with setSchema now fails under 5.6.25 | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Submitted: | 2016-09-09 04:49 UTC | Modified: | 2017-08-16 16:30 UTC |
| ||||||||||
| From: | bruceleister at gmail dot com | Assigned: | ||||||||||||
| Status: | Suspended | Package: | XML Reader | |||||||||||
| PHP Version: | 5.6.25 | OS: | Windows Server 2012R2 Standard | |||||||||||
| Private report: | No | CVE-ID: | None | |||||||||||
ViewAdd CommentDeveloperEdit
[2016-09-09 04:49 UTC] bruceleister at gmail dot com
Description:------------The bit of code below has always been used to verify incoming XML against a Schema XSD file.It worked fine under 5.6.22, and last 3 years, but after upgrade to 5.6.25 would get the schema mis-matches shown below, note all the values it was testing are shown as blank, in the message, but are there in the XML file.I can send sample XML and XSD files if requiredTest script:---------------$xml = new XMLReader();if(!$xml->open($dir.$file,null,LIBXML_PARSEHUGE)){ logging('Unable to Open XML file (Full Parse 1):'.$dir.$file); return false;}$xml->setSchema($xsd_dir.$xsd);while($xml->read()){}Actual result:--------------XSD: Element 'request', attribute 'schema_version': '' is not a valid value of the atomic type 'xs:decimal'.Element 'request', attribute 'schema_id': The value '(null)' does not match the fixed value constraint 'WBC-CSR-Request.xsd'.Element 'request', attribute 'requestor': The value '(null)' does not match the fixed value constraint 'WBC-RFS'.Element 'service', attribute 'requestType': [facet 'enumeration'] The value '' is not an element of the set {'Catalogue', 'Bespoke', 'Defined', 'Other'}.Element 'service', attribute 'requestType': '' is not a valid value of the atomic type 'sr_type'.Element 'service', attribute 'requestId': [facet 'length'] The value '' has a length of '0'; this differs from the allowed length of '15'.Element 'service', attribute 'requestId': '' is not a valid value of the atomic type 'sr_id_type'.Element 'project', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'bau', 'project'}.Element 'project', attribute 'type': '' is not a valid value of the atomic type 'sr_project_type'.Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.Element 'contact', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'primary', 'alternate', 'original requestor', 'primary - PIV', 'alternate - PIV'}.Element 'contact', attribute 'type': '' is not a valid value of the atomic type 'contact_type_type'.Element 'contact', attribute 'id': [facet 'minLength'] The value '' has a length of '0'; this underruns the allowed minimum length of '1'.Element 'contact', attribute 'id': '' is not a valid value of the local atomic type.Element 'SLAs', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.Element 'workinfos', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.Element 'workinfo', attribute 'date': '' is not a valid value of the atomic type 'xs:dateTime'.Element 'workinfo', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'External Dependancy', 'Notes for the Vendor', 'SLA Notes for the Vendor'}.Element 'workinfo', attribute 'type': '' is not a valid value of the atomic type 'csr_workinfo_request_type'.Element 'attachments', attribute 'count': '' is not a valid value of the atomic type 'xs:positiveInteger'.Element 'attachment', attribute 'date': '' is not a valid value of the atomic type 'xs:dateTime'.Element 'attachment', attribute 'type': [facet 'enumeration'] The value '' is not an element of the set {'Service Plan', 'Test Plan', 'Test Results', 'Customer Survey'}.Element 'attachment', attribute 'type': '' is not a valid value of the atomic type 'csr_attachment_request_type'.Patches
Add a Patch
Pull Requests
Add a Pull Request
History
AllCommentsChangesGit/SVN commitsRelated reports
[2016-09-09 18:20 UTC] cmb@php.net
-Status: Open+Status: Feedback-Assigned To:+Assigned To: cmb
[2016-09-09 18:20 UTC] cmb@php.net
There haven't been any relevant changes to XMLReader for years (atleast in the PHP-5.6 branch)[1]. The behavioral change mightsimply be caused by an updated libxml.Anyhow, it would be helpful if you could make sample XML and XSDfiles available.[1] <https://github.com/php/php-src/commits/PHP-5.6/ext/xmlreader>
[2016-09-10 00:39 UTC] bruceleister at gmail dot com
Thanks for looking at this,I saw the point increase of libXMl2, but I'm running on Windows pre-build binaries, so can not change the build.I have sent sample files via email from my work's email
[2016-09-10 00:53 UTC] cmb@php.net
-Status: Feedback+Status: Open
[2016-09-10 00:53 UTC] cmb@php.net
Thanks! I'll have a look at it ASAP.
[2016-09-10 15:19 UTC] cmb@php.net
-Status: Assigned+Status: Analyzed
[2016-09-10 15:19 UTC] cmb@php.net
I can reproduce the issue as of PHP 5.6.23. The culprit is libxml22.9.4, which introduced a severe regression with regard to XSDschema validation[1].As libxml2 2.9.4 fixed several security issues, I don't think itwould be good to switch back to 2.9.3 for now, but perhaps abugfix in winlibs/libxml2[2] would be appropriate, so that PHP5.6.26+ could be shipped with working XSD validation even if nonew libxml2 version would be released in the meantime).[1] <https://bugzilla.gnome.org/show_bug.cgi?id=766834>[2] <https://github.com/winlibs/libxml2>
[2016-09-10 19:38 UTC] cmb@php.net
I have submitted PR <https://github.com/winlibs/libxml2/pull/2>.I'm suspending this ticket until the issue will be fixed with anew libxml2 release.
[2016-09-10 19:38 UTC] cmb@php.net
-Status: Analyzed+Status: Suspended
[2016-09-10 22:24 UTC] cmb@php.net
Added a test case: <http://git.php.net/?p=php-src.git;a=commit;h=326a4e38>.
[2017-08-16 16:30 UTC] cmb@php.net
-Assigned To: cmb+Assigned To:
[2023-08-10 13:22 UTC] asdasuh at gmail dot com
'Test Results,' 'Customer Survey' is well executed and written. Recently, I had to take my publix Customer Experience survey at the official survey portal Publixsurvey.online to share my honest feedback about the shopping experience. After shopping, Don't miss the chance to win a $1000Sweepstakes Gift card by taking the Publix Survey.Survey portal for publix customers https://github.com.php)(https://publixsurvey.online/)
[2024-04-08 16:47 UTC] receiptify7 at gmail dot com
https://github.com.php)(https://publixsurvey.cloud/)
[2024-04-08 16:47 UTC] receiptify7 at gmail dot com
https://github.com.php)(https://publixsurvey.cloud/publix-oasis-login-at-publix-org-passport-login-for-employees/)https://github.com.php)(https://publixsurvey.cloud/publix-passport-login/)
[2024-05-10 13:50 UTC] njmcdirecttonline at gmail dot com
https://github.com.php)(https://njmcdirectt.online/)https://github.com.php)(https://njmcdirectt.online/customer-support/)
[2024-06-13 13:10 UTC] njmcdirectuss at gmail dot com
https://github.com.php)(https://njmcdirect.us/pay-nj-traffic-ticket-online/)https://github.com.php)(https://njmcdirect.us/nj-vehicle-registration/)
