| 1 |
efrain |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
namespace PhpXmlRpc\Helper;
|
|
|
4 |
|
|
|
5 |
use PhpXmlRpc\PhpXmlRpc;
|
|
|
6 |
use PhpXmlRpc\Traits\DeprecationLogger;
|
|
|
7 |
use PhpXmlRpc\Value;
|
|
|
8 |
|
|
|
9 |
/**
|
|
|
10 |
* Deals with parsing the XML.
|
|
|
11 |
* @see http://xmlrpc.com/spec.md
|
|
|
12 |
*
|
|
|
13 |
* @todo implement an interface to allow for alternative implementations
|
|
|
14 |
* - make access to $_xh protected, return more high-level data structures
|
|
|
15 |
* - move the private parts of $_xh to the internal-use parsing-options config
|
|
|
16 |
* - add parseRequest, parseResponse, parseValue methods
|
|
|
17 |
* @todo if iconv() or mb_string() are available, we could allow to convert the received xml to a custom charset encoding
|
|
|
18 |
* while parsing, which is faster than doing it later by going over the rebuilt data structure
|
|
|
19 |
* @todo rename? This is an xml-rpc parser, not a generic xml parser...
|
|
|
20 |
*
|
|
|
21 |
* @property array $xmlrpc_valid_parents deprecated - public access left in purely for BC
|
|
|
22 |
* @property int $accept deprecated - (protected) access left in purely for BC
|
|
|
23 |
*/
|
|
|
24 |
class XMLParser
|
|
|
25 |
{
|
|
|
26 |
use DeprecationLogger;
|
|
|
27 |
|
|
|
28 |
const RETURN_XMLRPCVALS = 'xmlrpcvals';
|
|
|
29 |
const RETURN_EPIVALS = 'epivals';
|
|
|
30 |
const RETURN_PHP = 'phpvals';
|
|
|
31 |
|
|
|
32 |
const ACCEPT_REQUEST = 1;
|
|
|
33 |
const ACCEPT_RESPONSE = 2;
|
|
|
34 |
const ACCEPT_VALUE = 4;
|
|
|
35 |
const ACCEPT_FAULT = 8;
|
|
|
36 |
|
|
|
37 |
/**
|
|
|
38 |
* @var int
|
|
|
39 |
* The max length beyond which data will get truncated in error messages
|
|
|
40 |
*/
|
|
|
41 |
protected $maxLogValueLength = 100;
|
|
|
42 |
|
|
|
43 |
/**
|
|
|
44 |
* @var array
|
|
|
45 |
* Used to store state during parsing and to pass parsing results to callers.
|
|
|
46 |
* Quick explanation of components:
|
|
|
47 |
* private:
|
|
|
48 |
* ac - used to accumulate values
|
|
|
49 |
* stack - array with genealogy of xml elements names, used to validate nesting of xml-rpc elements
|
|
|
50 |
* valuestack - array used for parsing arrays and structs
|
|
|
51 |
* lv - used to indicate "looking for a value": implements the logic to allow values with no types to be strings
|
|
|
52 |
* (values: 0=not looking, 1=looking, 3=found)
|
|
|
53 |
* public:
|
|
|
54 |
* isf - used to indicate an xml-rpc response fault (1), invalid xml-rpc fault (2), xml parsing fault (3)
|
|
|
55 |
* isf_reason - used for storing xml-rpc response fault string
|
|
|
56 |
* value - used to store the value in responses
|
|
|
57 |
* method - used to store method name in requests
|
|
|
58 |
* params - used to store parameters in requests
|
|
|
59 |
* pt - used to store the type of each received parameter. Useful if parameters are automatically decoded to php values
|
|
|
60 |
* rt - 'methodcall', 'methodresponse', 'value' or 'fault' (the last one used only in EPI emulation mode)
|
|
|
61 |
*/
|
|
|
62 |
protected $_xh = array(
|
|
|
63 |
'ac' => '',
|
|
|
64 |
'stack' => array(),
|
|
|
65 |
'valuestack' => array(),
|
|
|
66 |
'lv' => 0,
|
|
|
67 |
'isf' => 0,
|
|
|
68 |
'isf_reason' => '',
|
|
|
69 |
'value' => null,
|
|
|
70 |
'method' => false,
|
|
|
71 |
'params' => array(),
|
|
|
72 |
'pt' => array(),
|
|
|
73 |
'rt' => '',
|
|
|
74 |
);
|
|
|
75 |
|
|
|
76 |
/**
|
|
|
77 |
* @var array[]
|
|
|
78 |
*/
|
|
|
79 |
protected $xmlrpc_valid_parents = array(
|
|
|
80 |
'VALUE' => array('MEMBER', 'DATA', 'PARAM', 'FAULT'),
|
|
|
81 |
'BOOLEAN' => array('VALUE'),
|
|
|
82 |
'I4' => array('VALUE'),
|
|
|
83 |
'I8' => array('VALUE'),
|
|
|
84 |
'EX:I8' => array('VALUE'),
|
|
|
85 |
'INT' => array('VALUE'),
|
|
|
86 |
'STRING' => array('VALUE'),
|
|
|
87 |
'DOUBLE' => array('VALUE'),
|
|
|
88 |
'DATETIME.ISO8601' => array('VALUE'),
|
|
|
89 |
'BASE64' => array('VALUE'),
|
|
|
90 |
'MEMBER' => array('STRUCT'),
|
|
|
91 |
'NAME' => array('MEMBER'),
|
|
|
92 |
'DATA' => array('ARRAY'),
|
|
|
93 |
'ARRAY' => array('VALUE'),
|
|
|
94 |
'STRUCT' => array('VALUE'),
|
|
|
95 |
'PARAM' => array('PARAMS'),
|
|
|
96 |
'METHODNAME' => array('METHODCALL'),
|
|
|
97 |
'PARAMS' => array('METHODCALL', 'METHODRESPONSE'),
|
|
|
98 |
'FAULT' => array('METHODRESPONSE'),
|
|
|
99 |
'NIL' => array('VALUE'), // only used when extension activated
|
|
|
100 |
'EX:NIL' => array('VALUE'), // only used when extension activated
|
|
|
101 |
);
|
|
|
102 |
|
|
|
103 |
/** @var array $parsing_options */
|
|
|
104 |
protected $parsing_options = array();
|
|
|
105 |
|
|
|
106 |
/** @var int $accept self::ACCEPT_REQUEST | self::ACCEPT_RESPONSE by default */
|
|
|
107 |
//protected $accept = 3;
|
|
|
108 |
|
|
|
109 |
/** @var int $maxChunkLength 4 MB by default. Any value below 10MB should be good */
|
|
|
110 |
protected $maxChunkLength = 4194304;
|
|
|
111 |
/** @var array
|
|
|
112 |
* Used keys: accept, target_charset, methodname_callback, plus the ones set here.
|
|
|
113 |
* We initialize it partially to help keep BC with subclasses which might have reimplemented `parse()` but not
|
|
|
114 |
* the element handler methods
|
|
|
115 |
*/
|
|
|
116 |
protected $current_parsing_options = array(
|
|
|
117 |
'xmlrpc_null_extension' => false,
|
|
|
118 |
'xmlrpc_return_datetimes' => false,
|
|
|
119 |
'xmlrpc_reject_invalid_values' => false
|
|
|
120 |
);
|
|
|
121 |
|
|
|
122 |
/**
|
|
|
123 |
* @param array $options integer keys: options passed to the inner xml parser
|
|
|
124 |
* string keys:
|
|
|
125 |
* - target_charset (string)
|
|
|
126 |
* - methodname_callback (callable)
|
|
|
127 |
* - xmlrpc_null_extension (bool)
|
|
|
128 |
* - xmlrpc_return_datetimes (bool)
|
|
|
129 |
* - xmlrpc_reject_invalid_values (bool)
|
|
|
130 |
*/
|
|
|
131 |
public function __construct(array $options = array())
|
|
|
132 |
{
|
|
|
133 |
$this->parsing_options = $options;
|
|
|
134 |
}
|
|
|
135 |
|
|
|
136 |
/**
|
|
|
137 |
* Parses an xml-rpc xml string. Results of the parsing are found in $this->['_xh'].
|
|
|
138 |
* Logs to the error log any issues which do not cause the parsing to fail.
|
|
|
139 |
*
|
|
|
140 |
* @param string $data
|
|
|
141 |
* @param string $returnType self::RETURN_XMLRPCVALS, self::RETURN_PHP, self::RETURN_EPIVALS
|
|
|
142 |
* @param int $accept a bit-combination of self::ACCEPT_REQUEST, self::ACCEPT_RESPONSE, self::ACCEPT_VALUE
|
|
|
143 |
* @param array $options integer-key options are passed to the xml parser, string-key options are used independently.
|
|
|
144 |
* These options are added to options received in the constructor.
|
|
|
145 |
* Note that if options xmlrpc_null_extension, xmlrpc_return_datetimes and xmlrpc_reject_invalid_values
|
|
|
146 |
* are not set, the default settings from PhpXmlRpc\PhpXmlRpc are used
|
|
|
147 |
* @return array see the definition of $this->_xh for the meaning of the results
|
|
|
148 |
* @throws \Exception this can happen if a callback function is set and it does throw (i.e. we do not catch exceptions)
|
|
|
149 |
*
|
|
|
150 |
* @todo refactor? we could 1. return the parsed data structure, and 2. move $returnType and $accept into options
|
|
|
151 |
* @todo feature-creep make it possible to pass in options overriding usage of PhpXmlRpc::$xmlrpc_XXX_format, so
|
|
|
152 |
* that parsing will be completely independent of global state. Note that it might incur a small perf hit...
|
|
|
153 |
*/
|
|
|
154 |
public function parse($data, $returnType = self::RETURN_XMLRPCVALS, $accept = 3, $options = array())
|
|
|
155 |
{
|
|
|
156 |
$this->_xh = array(
|
|
|
157 |
'ac' => '',
|
|
|
158 |
'stack' => array(),
|
|
|
159 |
'valuestack' => array(),
|
|
|
160 |
'lv' => 0,
|
|
|
161 |
'isf' => 0,
|
|
|
162 |
'isf_reason' => '',
|
|
|
163 |
'value' => null,
|
|
|
164 |
'method' => false, // so we can check later if we got a methodname or not
|
|
|
165 |
'params' => array(),
|
|
|
166 |
'pt' => array(),
|
|
|
167 |
'rt' => '',
|
|
|
168 |
);
|
|
|
169 |
|
|
|
170 |
$len = strlen($data);
|
|
|
171 |
|
|
|
172 |
// we test for empty documents here to save on resource allocation and simplify the chunked-parsing loop below
|
|
|
173 |
if ($len == 0) {
|
|
|
174 |
$this->_xh['isf'] = 3;
|
|
|
175 |
$this->_xh['isf_reason'] = 'XML error 5: empty document';
|
|
|
176 |
return $this->_xh;
|
|
|
177 |
}
|
|
|
178 |
|
|
|
179 |
$this->current_parsing_options = array('accept' => $accept);
|
|
|
180 |
|
|
|
181 |
$mergedOptions = $this->parsing_options;
|
|
|
182 |
foreach ($options as $key => $val) {
|
|
|
183 |
$mergedOptions[$key] = $val;
|
|
|
184 |
}
|
|
|
185 |
|
|
|
186 |
foreach ($mergedOptions as $key => $val) {
|
|
|
187 |
// q: can php be built without ctype? should we use a regexp?
|
|
|
188 |
if (is_string($key) && !ctype_digit($key)) {
|
|
|
189 |
/// @todo on invalid options, throw/error-out instead of logging an error message?
|
|
|
190 |
switch($key) {
|
|
|
191 |
case 'target_charset':
|
|
|
192 |
if (function_exists('mb_convert_encoding')) {
|
|
|
193 |
$this->current_parsing_options['target_charset'] = $val;
|
|
|
194 |
} else {
|
|
|
195 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ": 'target_charset' option is unsupported without mbstring");
|
|
|
196 |
}
|
|
|
197 |
break;
|
|
|
198 |
|
|
|
199 |
case 'methodname_callback':
|
|
|
200 |
if (is_callable($val)) {
|
|
|
201 |
$this->current_parsing_options['methodname_callback'] = $val;
|
|
|
202 |
} else {
|
|
|
203 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ": Callback passed as 'methodname_callback' is not callable");
|
|
|
204 |
}
|
|
|
205 |
break;
|
|
|
206 |
|
|
|
207 |
case 'xmlrpc_null_extension':
|
|
|
208 |
case 'xmlrpc_return_datetimes':
|
|
|
209 |
case 'xmlrpc_reject_invalid_values':
|
|
|
210 |
$this->current_parsing_options[$key] = $val;
|
|
|
211 |
break;
|
|
|
212 |
|
|
|
213 |
default:
|
|
|
214 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ": unsupported option: $key");
|
|
|
215 |
}
|
|
|
216 |
unset($mergedOptions[$key]);
|
|
|
217 |
}
|
|
|
218 |
}
|
|
|
219 |
|
|
|
220 |
if (!isset($this->current_parsing_options['xmlrpc_null_extension'])) {
|
|
|
221 |
$this->current_parsing_options['xmlrpc_null_extension'] = PhpXmlRpc::$xmlrpc_null_extension;
|
|
|
222 |
}
|
|
|
223 |
if (!isset($this->current_parsing_options['xmlrpc_return_datetimes'])) {
|
|
|
224 |
$this->current_parsing_options['xmlrpc_return_datetimes'] = PhpXmlRpc::$xmlrpc_return_datetimes;
|
|
|
225 |
}
|
|
|
226 |
if (!isset($this->current_parsing_options['xmlrpc_reject_invalid_values'])) {
|
|
|
227 |
$this->current_parsing_options['xmlrpc_reject_invalid_values'] = PhpXmlRpc::$xmlrpc_reject_invalid_values;
|
|
|
228 |
}
|
|
|
229 |
|
|
|
230 |
// NB: we use '' instead of null to force charset detection from the xml declaration
|
|
|
231 |
$parser = xml_parser_create('');
|
|
|
232 |
|
|
|
233 |
foreach ($mergedOptions as $key => $val) {
|
|
|
234 |
xml_parser_set_option($parser, $key, $val);
|
|
|
235 |
}
|
|
|
236 |
|
|
|
237 |
// always set this, in case someone tries to disable it via options...
|
|
|
238 |
xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 1);
|
|
|
239 |
|
|
|
240 |
xml_set_object($parser, $this);
|
|
|
241 |
|
|
|
242 |
switch ($returnType) {
|
|
|
243 |
case self::RETURN_PHP:
|
|
|
244 |
xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast');
|
|
|
245 |
break;
|
|
|
246 |
case self::RETURN_EPIVALS:
|
|
|
247 |
xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_epi');
|
|
|
248 |
break;
|
|
|
249 |
/// @todo log an error / throw / error-out on unsupported return type
|
|
|
250 |
case XMLParser::RETURN_XMLRPCVALS:
|
|
|
251 |
default:
|
|
|
252 |
xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee');
|
|
|
253 |
}
|
|
|
254 |
|
|
|
255 |
xml_set_character_data_handler($parser, 'xmlrpc_cd');
|
|
|
256 |
xml_set_default_handler($parser, 'xmlrpc_dh');
|
|
|
257 |
|
|
|
258 |
try {
|
|
|
259 |
// @see ticket #70 - we have to parse big xml docs in chunks to avoid errors
|
|
|
260 |
for ($offset = 0; $offset < $len; $offset += $this->maxChunkLength) {
|
|
|
261 |
$chunk = substr($data, $offset, $this->maxChunkLength);
|
|
|
262 |
// error handling: xml not well formed
|
|
|
263 |
if (!xml_parse($parser, $chunk, $offset + $this->maxChunkLength >= $len)) {
|
|
|
264 |
$errCode = xml_get_error_code($parser);
|
|
|
265 |
$errStr = sprintf('XML error %s: %s at line %d, column %d', $errCode, xml_error_string($errCode),
|
|
|
266 |
xml_get_current_line_number($parser), xml_get_current_column_number($parser));
|
|
|
267 |
|
|
|
268 |
$this->_xh['isf'] = 3;
|
|
|
269 |
$this->_xh['isf_reason'] = $errStr;
|
|
|
270 |
}
|
|
|
271 |
// no need to parse further if we already have a fatal error
|
|
|
272 |
if ($this->_xh['isf'] >= 2) {
|
|
|
273 |
break;
|
|
|
274 |
}
|
|
|
275 |
}
|
|
|
276 |
/// @todo bump minimum php version to 5.5 and use a finally clause instead of doing cleanup 3 times
|
|
|
277 |
} catch (\Exception $e) {
|
|
|
278 |
xml_parser_free($parser);
|
|
|
279 |
$this->current_parsing_options = array();
|
|
|
280 |
/// @todo should we set $this->_xh['isf'] and $this->_xh['isf_reason'] ?
|
|
|
281 |
throw $e;
|
|
|
282 |
} catch (\Error $e) {
|
|
|
283 |
xml_parser_free($parser);
|
|
|
284 |
$this->current_parsing_options = array();
|
|
|
285 |
//$this->accept = $prevAccept;
|
|
|
286 |
/// @todo should we set $this->_xh['isf'] and $this->_xh['isf_reason'] ?
|
|
|
287 |
throw $e;
|
|
|
288 |
}
|
|
|
289 |
|
|
|
290 |
xml_parser_free($parser);
|
|
|
291 |
$this->current_parsing_options = array();
|
|
|
292 |
|
|
|
293 |
return $this->_xh;
|
|
|
294 |
}
|
|
|
295 |
|
|
|
296 |
/**
|
|
|
297 |
* xml parser handler function for opening element tags.
|
|
|
298 |
* @internal
|
|
|
299 |
*
|
|
|
300 |
* @param resource $parser
|
|
|
301 |
* @param string $name
|
|
|
302 |
* @param $attrs
|
|
|
303 |
* @param bool $acceptSingleVals DEPRECATED use the $accept parameter instead
|
|
|
304 |
* @return void
|
|
|
305 |
*
|
|
|
306 |
* @todo optimization creep: throw when setting $this->_xh['isf'] > 1, to completely avoid further xml parsing
|
|
|
307 |
* and remove the checking for $this->_xh['isf'] >= 2 everywhere
|
|
|
308 |
*/
|
|
|
309 |
public function xmlrpc_se($parser, $name, $attrs, $acceptSingleVals = false)
|
|
|
310 |
{
|
|
|
311 |
// if invalid xml-rpc already detected, skip all processing
|
|
|
312 |
if ($this->_xh['isf'] >= 2) {
|
|
|
313 |
return;
|
|
|
314 |
}
|
|
|
315 |
|
|
|
316 |
// check for correct element nesting
|
|
|
317 |
if (count($this->_xh['stack']) == 0) {
|
|
|
318 |
// top level element can only be of 2 types
|
|
|
319 |
/// @todo optimization creep: save this check into a bool variable, instead of using count() every time:
|
|
|
320 |
/// there is only a single top level element in xml anyway
|
|
|
321 |
|
|
|
322 |
// BC
|
|
|
323 |
if ($acceptSingleVals === false) {
|
|
|
324 |
$accept = $this->current_parsing_options['accept'];
|
|
|
325 |
} else {
|
|
|
326 |
$this->logDeprecation('Using argument $acceptSingleVals for method ' . __METHOD__ . ' is deprecated');
|
|
|
327 |
$accept = self::ACCEPT_REQUEST | self::ACCEPT_RESPONSE | self::ACCEPT_VALUE;
|
|
|
328 |
}
|
|
|
329 |
if (($name == 'METHODCALL' && ($accept & self::ACCEPT_REQUEST)) ||
|
|
|
330 |
($name == 'METHODRESPONSE' && ($accept & self::ACCEPT_RESPONSE)) ||
|
|
|
331 |
($name == 'VALUE' && ($accept & self::ACCEPT_VALUE)) ||
|
|
|
332 |
($name == 'FAULT' && ($accept & self::ACCEPT_FAULT))) {
|
|
|
333 |
$this->_xh['rt'] = strtolower($name);
|
|
|
334 |
} else {
|
|
|
335 |
$this->_xh['isf'] = 2;
|
|
|
336 |
$this->_xh['isf_reason'] = 'missing top level xmlrpc element. Found: ' . $name;
|
|
|
337 |
|
|
|
338 |
return;
|
|
|
339 |
}
|
|
|
340 |
} else {
|
|
|
341 |
// not top level element: see if parent is OK
|
|
|
342 |
$parent = end($this->_xh['stack']);
|
|
|
343 |
if (!array_key_exists($name, $this->xmlrpc_valid_parents) || !in_array($parent, $this->xmlrpc_valid_parents[$name])) {
|
|
|
344 |
$this->_xh['isf'] = 2;
|
|
|
345 |
$this->_xh['isf_reason'] = "xmlrpc element $name cannot be child of $parent";
|
|
|
346 |
|
|
|
347 |
return;
|
|
|
348 |
}
|
|
|
349 |
}
|
|
|
350 |
|
|
|
351 |
switch ($name) {
|
|
|
352 |
// optimize for speed switch cases: most common cases first
|
|
|
353 |
case 'VALUE':
|
|
|
354 |
/// @todo we could check for 2 VALUE elements inside a MEMBER or PARAM element
|
|
|
355 |
$this->_xh['vt'] = 'value'; // indicator: no value found yet
|
|
|
356 |
$this->_xh['ac'] = '';
|
|
|
357 |
$this->_xh['lv'] = 1;
|
|
|
358 |
$this->_xh['php_class'] = null;
|
|
|
359 |
break;
|
|
|
360 |
|
|
|
361 |
case 'I8':
|
|
|
362 |
case 'EX:I8':
|
|
|
363 |
if (PHP_INT_SIZE === 4) {
|
|
|
364 |
// INVALID ELEMENT: RAISE ISF so that it is later recognized!!!
|
|
|
365 |
$this->_xh['isf'] = 2;
|
|
|
366 |
$this->_xh['isf_reason'] = "Received i8 element but php is compiled in 32 bit mode";
|
|
|
367 |
|
|
|
368 |
return;
|
|
|
369 |
}
|
|
|
370 |
// fall through voluntarily
|
|
|
371 |
|
|
|
372 |
case 'I4':
|
|
|
373 |
case 'INT':
|
|
|
374 |
case 'STRING':
|
|
|
375 |
case 'BOOLEAN':
|
|
|
376 |
case 'DOUBLE':
|
|
|
377 |
case 'DATETIME.ISO8601':
|
|
|
378 |
case 'BASE64':
|
|
|
379 |
if ($this->_xh['vt'] != 'value') {
|
|
|
380 |
// two data elements inside a value: an error occurred!
|
|
|
381 |
$this->_xh['isf'] = 2;
|
|
|
382 |
$this->_xh['isf_reason'] = "$name element following a {$this->_xh['vt']} element inside a single value";
|
|
|
383 |
|
|
|
384 |
return;
|
|
|
385 |
}
|
|
|
386 |
$this->_xh['ac'] = ''; // reset the accumulator
|
|
|
387 |
break;
|
|
|
388 |
|
|
|
389 |
case 'STRUCT':
|
|
|
390 |
case 'ARRAY':
|
|
|
391 |
if ($this->_xh['vt'] != 'value') {
|
|
|
392 |
// two data elements inside a value: an error occurred!
|
|
|
393 |
$this->_xh['isf'] = 2;
|
|
|
394 |
$this->_xh['isf_reason'] = "$name element following a {$this->_xh['vt']} element inside a single value";
|
|
|
395 |
|
|
|
396 |
return;
|
|
|
397 |
}
|
|
|
398 |
// create an empty array to hold child values, and push it onto appropriate stack
|
|
|
399 |
$curVal = array(
|
|
|
400 |
'values' => array(),
|
|
|
401 |
'type' => $name,
|
|
|
402 |
);
|
|
|
403 |
// check for out-of-band information to rebuild php objs and, in case it is found, save it
|
|
|
404 |
if (@isset($attrs['PHP_CLASS'])) {
|
|
|
405 |
$curVal['php_class'] = $attrs['PHP_CLASS'];
|
|
|
406 |
}
|
|
|
407 |
$this->_xh['valuestack'][] = $curVal;
|
|
|
408 |
$this->_xh['vt'] = 'data'; // be prepared for a data element next
|
|
|
409 |
break;
|
|
|
410 |
|
|
|
411 |
case 'DATA':
|
|
|
412 |
if ($this->_xh['vt'] != 'data') {
|
|
|
413 |
// two data elements inside a value: an error occurred!
|
|
|
414 |
$this->_xh['isf'] = 2;
|
|
|
415 |
$this->_xh['isf_reason'] = "found two data elements inside an array element";
|
|
|
416 |
|
|
|
417 |
return;
|
|
|
418 |
}
|
|
|
419 |
|
|
|
420 |
case 'METHODCALL':
|
|
|
421 |
case 'METHODRESPONSE':
|
|
|
422 |
case 'PARAMS':
|
|
|
423 |
// valid elements that add little to processing
|
|
|
424 |
break;
|
|
|
425 |
|
|
|
426 |
case 'METHODNAME':
|
|
|
427 |
case 'NAME':
|
|
|
428 |
/// @todo we could check for 2 NAME elements inside a MEMBER element
|
|
|
429 |
$this->_xh['ac'] = '';
|
|
|
430 |
break;
|
|
|
431 |
|
|
|
432 |
case 'FAULT':
|
|
|
433 |
$this->_xh['isf'] = 1;
|
|
|
434 |
break;
|
|
|
435 |
|
|
|
436 |
case 'MEMBER':
|
|
|
437 |
// set member name to null, in case we do not find in the xml later on
|
|
|
438 |
$this->_xh['valuestack'][count($this->_xh['valuestack']) - 1]['name'] = null;
|
|
|
439 |
//$this->_xh['ac']='';
|
|
|
440 |
// Drop trough intentionally
|
|
|
441 |
|
|
|
442 |
case 'PARAM':
|
|
|
443 |
// clear value type, so we can check later if no value has been passed for this param/member
|
|
|
444 |
$this->_xh['vt'] = null;
|
|
|
445 |
break;
|
|
|
446 |
|
|
|
447 |
case 'NIL':
|
|
|
448 |
case 'EX:NIL':
|
|
|
449 |
if ($this->current_parsing_options['xmlrpc_null_extension']) {
|
|
|
450 |
if ($this->_xh['vt'] != 'value') {
|
|
|
451 |
// two data elements inside a value: an error occurred!
|
|
|
452 |
$this->_xh['isf'] = 2;
|
|
|
453 |
$this->_xh['isf_reason'] = "$name element following a {$this->_xh['vt']} element inside a single value";
|
|
|
454 |
|
|
|
455 |
return;
|
|
|
456 |
}
|
|
|
457 |
// reset the accumulator - q: is this necessary at all here? we don't use it on _ee anyway for NILs
|
|
|
458 |
$this->_xh['ac'] = '';
|
|
|
459 |
|
|
|
460 |
} else {
|
|
|
461 |
$this->_xh['isf'] = 2;
|
|
|
462 |
$this->_xh['isf_reason'] = 'Invalid NIL value received. Support for NIL can be enabled via \\PhpXmlRpc\\PhpXmlRpc::$xmlrpc_null_extension';
|
|
|
463 |
|
|
|
464 |
return;
|
|
|
465 |
}
|
|
|
466 |
break;
|
|
|
467 |
|
|
|
468 |
default:
|
|
|
469 |
// INVALID ELEMENT: RAISE ISF so that it is later recognized
|
|
|
470 |
/// @todo feature creep = allow a callback instead
|
|
|
471 |
$this->_xh['isf'] = 2;
|
|
|
472 |
$this->_xh['isf_reason'] = "found not-xmlrpc xml element $name";
|
|
|
473 |
|
|
|
474 |
return;
|
|
|
475 |
}
|
|
|
476 |
|
|
|
477 |
// Save current element name to stack, to validate nesting
|
|
|
478 |
$this->_xh['stack'][] = $name;
|
|
|
479 |
|
|
|
480 |
/// @todo optimization creep: move this inside the big switch() above
|
|
|
481 |
if ($name != 'VALUE') {
|
|
|
482 |
$this->_xh['lv'] = 0;
|
|
|
483 |
}
|
|
|
484 |
}
|
|
|
485 |
|
|
|
486 |
/**
|
|
|
487 |
* xml parser handler function for close element tags.
|
|
|
488 |
* @internal
|
|
|
489 |
*
|
|
|
490 |
* @param resource $parser
|
|
|
491 |
* @param string $name
|
|
|
492 |
* @param int $rebuildXmlrpcvals >1 for rebuilding xmlrpcvals, 0 for rebuilding php values, -1 for xmlrpc-extension compatibility
|
|
|
493 |
* @return void
|
|
|
494 |
* @throws \Exception this can happen if a callback function is set and it does throw (i.e. we do not catch exceptions)
|
|
|
495 |
*
|
|
|
496 |
* @todo optimization creep: throw when setting $this->_xh['isf'] > 1, to completely avoid further xml parsing
|
|
|
497 |
* and remove the checking for $this->_xh['isf'] >= 2 everywhere
|
|
|
498 |
*/
|
|
|
499 |
public function xmlrpc_ee($parser, $name, $rebuildXmlrpcvals = 1)
|
|
|
500 |
{
|
|
|
501 |
if ($this->_xh['isf'] >= 2) {
|
|
|
502 |
return;
|
|
|
503 |
}
|
|
|
504 |
|
|
|
505 |
// push this element name from stack
|
|
|
506 |
// NB: if XML validates, correct opening/closing is guaranteed and we do not have to check for $name == $currElem.
|
|
|
507 |
// we also checked for proper nesting at start of elements...
|
|
|
508 |
$currElem = array_pop($this->_xh['stack']);
|
|
|
509 |
|
|
|
510 |
switch ($name) {
|
|
|
511 |
case 'VALUE':
|
|
|
512 |
// If no scalar was inside <VALUE></VALUE>, it was a string value
|
|
|
513 |
if ($this->_xh['vt'] == 'value') {
|
|
|
514 |
$this->_xh['value'] = $this->_xh['ac'];
|
|
|
515 |
$this->_xh['vt'] = Value::$xmlrpcString;
|
|
|
516 |
}
|
|
|
517 |
|
|
|
518 |
// in case there is charset conversion required, do it here, to catch both cases of string values
|
|
|
519 |
if (isset($this->current_parsing_options['target_charset']) && $this->_xh['vt'] === Value::$xmlrpcString) {
|
|
|
520 |
$this->_xh['value'] = mb_convert_encoding($this->_xh['value'], $this->current_parsing_options['target_charset'], 'UTF-8');
|
|
|
521 |
}
|
|
|
522 |
|
|
|
523 |
if ($rebuildXmlrpcvals > 0) {
|
|
|
524 |
// build the xml-rpc val out of the data received, and substitute it
|
|
|
525 |
$temp = new Value($this->_xh['value'], $this->_xh['vt']);
|
|
|
526 |
// in case we got info about underlying php class, save it in the object we're rebuilding
|
|
|
527 |
if (isset($this->_xh['php_class'])) {
|
|
|
528 |
$temp->_php_class = $this->_xh['php_class'];
|
|
|
529 |
}
|
|
|
530 |
$this->_xh['value'] = $temp;
|
|
|
531 |
} elseif ($rebuildXmlrpcvals < 0) {
|
|
|
532 |
if ($this->_xh['vt'] == Value::$xmlrpcDateTime) {
|
|
|
533 |
$this->_xh['value'] = (object)array(
|
|
|
534 |
'xmlrpc_type' => 'datetime',
|
|
|
535 |
'scalar' => $this->_xh['value'],
|
|
|
536 |
'timestamp' => \PhpXmlRpc\Helper\Date::iso8601Decode($this->_xh['value'])
|
|
|
537 |
);
|
|
|
538 |
} elseif ($this->_xh['vt'] == Value::$xmlrpcBase64) {
|
|
|
539 |
$this->_xh['value'] = (object)array(
|
|
|
540 |
'xmlrpc_type' => 'base64',
|
|
|
541 |
'scalar' => $this->_xh['value']
|
|
|
542 |
);
|
|
|
543 |
}
|
|
|
544 |
} else {
|
|
|
545 |
/// @todo this should handle php-serialized objects, since std deserializing is done
|
|
|
546 |
/// by php_xmlrpc_decode, which we will not be calling...
|
|
|
547 |
//if (isset($this->_xh['php_class'])) {
|
|
|
548 |
//}
|
|
|
549 |
}
|
|
|
550 |
|
|
|
551 |
// check if we are inside an array or struct:
|
|
|
552 |
// if value just built is inside an array, let's move it into array on the stack
|
|
|
553 |
$vscount = count($this->_xh['valuestack']);
|
|
|
554 |
if ($vscount && $this->_xh['valuestack'][$vscount - 1]['type'] == 'ARRAY') {
|
|
|
555 |
$this->_xh['valuestack'][$vscount - 1]['values'][] = $this->_xh['value'];
|
|
|
556 |
}
|
|
|
557 |
break;
|
|
|
558 |
|
|
|
559 |
case 'STRING':
|
|
|
560 |
$this->_xh['vt'] = Value::$xmlrpcString;
|
|
|
561 |
$this->_xh['lv'] = 3; // indicate we've found a value
|
|
|
562 |
$this->_xh['value'] = $this->_xh['ac'];
|
|
|
563 |
break;
|
|
|
564 |
|
|
|
565 |
case 'BOOLEAN':
|
|
|
566 |
$this->_xh['vt'] = Value::$xmlrpcBoolean;
|
|
|
567 |
$this->_xh['lv'] = 3; // indicate we've found a value
|
|
|
568 |
// We translate boolean 1 or 0 into PHP constants true or false. Strings 'true' and 'false' are accepted,
|
|
|
569 |
// even though the spec never mentions them (see e.g. Blogger api docs)
|
|
|
570 |
// NB: this simple checks helps a lot sanitizing input, i.e. no security problems around here
|
|
|
571 |
// Note the non-strict type check: it will allow ' 1 '
|
|
|
572 |
/// @todo feature-creep: use a flexible regexp, the same as we do with int, double and datetime.
|
|
|
573 |
/// Note that using a regexp would also make this test less sensitive to phpunit shenanigans, and
|
|
|
574 |
/// to changes in the way php compares strings (since 8.0, leading and trailing newlines are
|
|
|
575 |
/// accepted when deciding if a string numeric...)
|
|
|
576 |
if ($this->_xh['ac'] == '1' || strcasecmp($this->_xh['ac'], 'true') === 0) {
|
|
|
577 |
$this->_xh['value'] = true;
|
|
|
578 |
} else {
|
|
|
579 |
// log if receiving something strange, even though we set the value to false anyway
|
|
|
580 |
/// @todo to be consistent with the other types, we should return a value outside the good-value domain, e.g. NULL
|
|
|
581 |
if ($this->_xh['ac'] != '0' && strcasecmp($this->_xh['ac'], 'false') !== 0) {
|
|
|
582 |
if (!$this->handleParsingError('invalid data received in BOOLEAN value: ' .
|
|
|
583 |
$this->truncateValueForLog($this->_xh['ac']), __METHOD__)) {
|
|
|
584 |
return;
|
|
|
585 |
}
|
|
|
586 |
}
|
|
|
587 |
$this->_xh['value'] = false;
|
|
|
588 |
}
|
|
|
589 |
break;
|
|
|
590 |
|
|
|
591 |
case 'EX:I8':
|
|
|
592 |
$name = 'i8';
|
|
|
593 |
// fall through voluntarily
|
|
|
594 |
case 'I4':
|
|
|
595 |
case 'I8':
|
|
|
596 |
case 'INT':
|
|
|
597 |
// NB: we build the Value object with the original xml element name found, except for ex:i8. The
|
|
|
598 |
// `Value::scalarTyp()` function will do some normalization of the data
|
|
|
599 |
$this->_xh['vt'] = strtolower($name);
|
|
|
600 |
$this->_xh['lv'] = 3; // indicate we've found a value
|
|
|
601 |
if (!preg_match(PhpXmlRpc::$xmlrpc_int_format, $this->_xh['ac'])) {
|
|
|
602 |
if (!$this->handleParsingError('non numeric data received in INT value: ' .
|
|
|
603 |
$this->truncateValueForLog($this->_xh['ac']), __METHOD__)) {
|
|
|
604 |
return;
|
|
|
605 |
}
|
|
|
606 |
/// @todo: find a better way of reporting an error value than this! Use NaN?
|
|
|
607 |
$this->_xh['value'] = 'ERROR_NON_NUMERIC_FOUND';
|
|
|
608 |
} else {
|
|
|
609 |
// it's ok, add it on
|
|
|
610 |
$this->_xh['value'] = (int)$this->_xh['ac'];
|
|
|
611 |
}
|
|
|
612 |
break;
|
|
|
613 |
|
|
|
614 |
case 'DOUBLE':
|
|
|
615 |
$this->_xh['vt'] = Value::$xmlrpcDouble;
|
|
|
616 |
$this->_xh['lv'] = 3; // indicate we've found a value
|
|
|
617 |
if (!preg_match(PhpXmlRpc::$xmlrpc_double_format, $this->_xh['ac'])) {
|
|
|
618 |
if (!$this->handleParsingError('non numeric data received in DOUBLE value: ' .
|
|
|
619 |
$this->truncateValueForLog($this->_xh['ac']), __METHOD__)) {
|
|
|
620 |
return;
|
|
|
621 |
}
|
|
|
622 |
|
|
|
623 |
$this->_xh['value'] = 'ERROR_NON_NUMERIC_FOUND';
|
|
|
624 |
} else {
|
|
|
625 |
// it's ok, add it on
|
|
|
626 |
$this->_xh['value'] = (double)$this->_xh['ac'];
|
|
|
627 |
}
|
|
|
628 |
break;
|
|
|
629 |
|
|
|
630 |
case 'DATETIME.ISO8601':
|
|
|
631 |
$this->_xh['vt'] = Value::$xmlrpcDateTime;
|
|
|
632 |
$this->_xh['lv'] = 3; // indicate we've found a value
|
|
|
633 |
if (!preg_match(PhpXmlRpc::$xmlrpc_datetime_format, $this->_xh['ac'])) {
|
|
|
634 |
if (!$this->handleParsingError('invalid data received in DATETIME value: ' .
|
|
|
635 |
$this->truncateValueForLog($this->_xh['ac']), __METHOD__)) {
|
|
|
636 |
return;
|
|
|
637 |
}
|
|
|
638 |
}
|
|
|
639 |
if ($this->current_parsing_options['xmlrpc_return_datetimes']) {
|
|
|
640 |
try {
|
|
|
641 |
$this->_xh['value'] = new \DateTime($this->_xh['ac']);
|
|
|
642 |
|
|
|
643 |
// the default regex used to validate the date string a few lines above should make this case impossible,
|
|
|
644 |
// but one never knows...
|
|
|
645 |
} catch(\Exception $e) {
|
|
|
646 |
// what to do? We can not guarantee that a valid date can be created. We return null...
|
|
|
647 |
if (!$this->handleParsingError('invalid data received in DATETIME value. Error ' .
|
|
|
648 |
$e->getMessage(), __METHOD__)) {
|
|
|
649 |
return;
|
|
|
650 |
}
|
|
|
651 |
}
|
|
|
652 |
} else {
|
|
|
653 |
$this->_xh['value'] = $this->_xh['ac'];
|
|
|
654 |
}
|
|
|
655 |
break;
|
|
|
656 |
|
|
|
657 |
case 'BASE64':
|
|
|
658 |
$this->_xh['vt'] = Value::$xmlrpcBase64;
|
|
|
659 |
$this->_xh['lv'] = 3; // indicate we've found a value
|
|
|
660 |
if ($this->current_parsing_options['xmlrpc_reject_invalid_values']) {
|
|
|
661 |
$v = base64_decode($this->_xh['ac'], true);
|
|
|
662 |
if ($v === false) {
|
|
|
663 |
$this->_xh['isf'] = 2;
|
|
|
664 |
$this->_xh['isf_reason'] = 'Invalid data received in BASE64 value: '. $this->truncateValueForLog($this->_xh['ac']);
|
|
|
665 |
return;
|
|
|
666 |
}
|
|
|
667 |
} else {
|
|
|
668 |
$v = base64_decode($this->_xh['ac']);
|
|
|
669 |
if ($v === '' && $this->_xh['ac'] !== '') {
|
|
|
670 |
// only the empty string should decode to the empty string
|
|
|
671 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': invalid data received in BASE64 value: ' .
|
|
|
672 |
$this->truncateValueForLog($this->_xh['ac']));
|
|
|
673 |
}
|
|
|
674 |
}
|
|
|
675 |
$this->_xh['value'] = $v;
|
|
|
676 |
break;
|
|
|
677 |
|
|
|
678 |
case 'NAME':
|
|
|
679 |
$this->_xh['valuestack'][count($this->_xh['valuestack']) - 1]['name'] = $this->_xh['ac'];
|
|
|
680 |
break;
|
|
|
681 |
|
|
|
682 |
case 'MEMBER':
|
|
|
683 |
// add to array in the stack the last element built, unless no VALUE or no NAME were found
|
|
|
684 |
if ($this->_xh['vt']) {
|
|
|
685 |
$vscount = count($this->_xh['valuestack']);
|
|
|
686 |
if ($this->_xh['valuestack'][$vscount - 1]['name'] === null) {
|
|
|
687 |
if (!$this->handleParsingError('missing NAME inside STRUCT in received xml', __METHOD__)) {
|
|
|
688 |
return;
|
|
|
689 |
}
|
|
|
690 |
$this->_xh['valuestack'][$vscount - 1]['name'] = '';
|
|
|
691 |
}
|
|
|
692 |
$this->_xh['valuestack'][$vscount - 1]['values'][$this->_xh['valuestack'][$vscount - 1]['name']] = $this->_xh['value'];
|
|
|
693 |
} else {
|
|
|
694 |
if (!$this->handleParsingError('missing VALUE inside STRUCT in received xml', __METHOD__)) {
|
|
|
695 |
return;
|
|
|
696 |
}
|
|
|
697 |
}
|
|
|
698 |
break;
|
|
|
699 |
|
|
|
700 |
case 'DATA':
|
|
|
701 |
$this->_xh['vt'] = null; // reset this to check for 2 data elements in a row - even if they're empty
|
|
|
702 |
break;
|
|
|
703 |
|
|
|
704 |
case 'STRUCT':
|
|
|
705 |
case 'ARRAY':
|
|
|
706 |
// fetch out of stack array of values, and promote it to current value
|
|
|
707 |
$currVal = array_pop($this->_xh['valuestack']);
|
|
|
708 |
$this->_xh['value'] = $currVal['values'];
|
|
|
709 |
$this->_xh['vt'] = strtolower($name);
|
|
|
710 |
if (isset($currVal['php_class'])) {
|
|
|
711 |
$this->_xh['php_class'] = $currVal['php_class'];
|
|
|
712 |
}
|
|
|
713 |
break;
|
|
|
714 |
|
|
|
715 |
case 'PARAM':
|
|
|
716 |
// add to array of params the current value, unless no VALUE was found
|
|
|
717 |
/// @todo should we also check if there were two VALUE inside the PARAM?
|
|
|
718 |
if ($this->_xh['vt']) {
|
|
|
719 |
$this->_xh['params'][] = $this->_xh['value'];
|
|
|
720 |
$this->_xh['pt'][] = $this->_xh['vt'];
|
|
|
721 |
} else {
|
|
|
722 |
if (!$this->handleParsingError('missing VALUE inside PARAM in received xml', __METHOD__)) {
|
|
|
723 |
return;
|
|
|
724 |
}
|
|
|
725 |
}
|
|
|
726 |
break;
|
|
|
727 |
|
|
|
728 |
case 'METHODNAME':
|
|
|
729 |
if (!preg_match(PhpXmlRpc::$xmlrpc_methodname_format, $this->_xh['ac'])) {
|
|
|
730 |
if (!$this->handleParsingError('invalid data received in METHODNAME: '.
|
|
|
731 |
$this->truncateValueForLog($this->_xh['ac']), __METHOD__)) {
|
|
|
732 |
return;
|
|
|
733 |
}
|
|
|
734 |
}
|
|
|
735 |
$methodName = trim($this->_xh['ac']);
|
|
|
736 |
$this->_xh['method'] = $methodName;
|
|
|
737 |
// we allow the callback to f.e. give us back a mangled method name by manipulating $this
|
|
|
738 |
if (isset($this->current_parsing_options['methodname_callback'])) {
|
|
|
739 |
call_user_func($this->current_parsing_options['methodname_callback'], $methodName, $this, $parser);
|
|
|
740 |
}
|
|
|
741 |
break;
|
|
|
742 |
|
|
|
743 |
case 'NIL':
|
|
|
744 |
case 'EX:NIL':
|
|
|
745 |
// NB: if NIL support is not enabled, parsing stops at element start. So this If is redundant
|
|
|
746 |
//if ($this->current_parsing_options['xmlrpc_null_extension']) {
|
|
|
747 |
$this->_xh['vt'] = 'null';
|
|
|
748 |
$this->_xh['value'] = null;
|
|
|
749 |
$this->_xh['lv'] = 3;
|
|
|
750 |
//}
|
|
|
751 |
break;
|
|
|
752 |
|
|
|
753 |
/// @todo add extra checking:
|
|
|
754 |
/// - METHODRESPONSE should contain either a PARAMS with a single PARAM, or a FAULT
|
|
|
755 |
/// - FAULT should contain a single struct with the 2 expected members (check their name and type)
|
|
|
756 |
/// - METHODCALL should contain a methodname
|
|
|
757 |
case 'PARAMS':
|
|
|
758 |
case 'FAULT':
|
|
|
759 |
case 'METHODCALL':
|
|
|
760 |
case 'METHODRESPONSE':
|
|
|
761 |
break;
|
|
|
762 |
|
|
|
763 |
default:
|
|
|
764 |
// End of INVALID ELEMENT
|
|
|
765 |
// Should we add an assert here for unreachable code? When an invalid element is found in xmlrpc_se,
|
|
|
766 |
// $this->_xh['isf'] is set to 2...
|
|
|
767 |
break;
|
|
|
768 |
}
|
|
|
769 |
}
|
|
|
770 |
|
|
|
771 |
/**
|
|
|
772 |
* Used in decoding xml-rpc requests/responses without rebuilding xml-rpc Values.
|
|
|
773 |
* @internal
|
|
|
774 |
*
|
|
|
775 |
* @param resource $parser
|
|
|
776 |
* @param string $name
|
|
|
777 |
* @return void
|
|
|
778 |
*/
|
|
|
779 |
public function xmlrpc_ee_fast($parser, $name)
|
|
|
780 |
{
|
|
|
781 |
$this->xmlrpc_ee($parser, $name, 0);
|
|
|
782 |
}
|
|
|
783 |
|
|
|
784 |
/**
|
|
|
785 |
* Used in decoding xml-rpc requests/responses while building xmlrpc-extension Values (plain php for all but base64 and datetime).
|
|
|
786 |
* @internal
|
|
|
787 |
*
|
|
|
788 |
* @param resource $parser
|
|
|
789 |
* @param string $name
|
|
|
790 |
* @return void
|
|
|
791 |
*/
|
|
|
792 |
public function xmlrpc_ee_epi($parser, $name)
|
|
|
793 |
{
|
|
|
794 |
$this->xmlrpc_ee($parser, $name, -1);
|
|
|
795 |
}
|
|
|
796 |
|
|
|
797 |
/**
|
|
|
798 |
* xml parser handler function for character data.
|
|
|
799 |
* @internal
|
|
|
800 |
*
|
|
|
801 |
* @param resource $parser
|
|
|
802 |
* @param string $data
|
|
|
803 |
* @return void
|
|
|
804 |
*/
|
|
|
805 |
public function xmlrpc_cd($parser, $data)
|
|
|
806 |
{
|
|
|
807 |
// skip processing if xml fault already detected
|
|
|
808 |
if ($this->_xh['isf'] >= 2) {
|
|
|
809 |
return;
|
|
|
810 |
}
|
|
|
811 |
|
|
|
812 |
// "lookforvalue == 3" means that we've found an entire value and should discard any further character data
|
|
|
813 |
if ($this->_xh['lv'] != 3) {
|
|
|
814 |
$this->_xh['ac'] .= $data;
|
|
|
815 |
}
|
|
|
816 |
}
|
|
|
817 |
|
|
|
818 |
/**
|
|
|
819 |
* xml parser handler function for 'other stuff', i.e. not char data or element start/end tag.
|
|
|
820 |
* In fact, it only gets called on unknown entities...
|
|
|
821 |
* @internal
|
|
|
822 |
*
|
|
|
823 |
* @param $parser
|
|
|
824 |
* @param string data
|
|
|
825 |
* @return void
|
|
|
826 |
*/
|
|
|
827 |
public function xmlrpc_dh($parser, $data)
|
|
|
828 |
{
|
|
|
829 |
// skip processing if xml fault already detected
|
|
|
830 |
if ($this->_xh['isf'] >= 2) {
|
|
|
831 |
return;
|
|
|
832 |
}
|
|
|
833 |
|
|
|
834 |
if (substr($data, 0, 1) == '&' && substr($data, -1, 1) == ';') {
|
|
|
835 |
$this->_xh['ac'] .= $data;
|
|
|
836 |
}
|
|
|
837 |
}
|
|
|
838 |
|
|
|
839 |
/**
|
|
|
840 |
* xml charset encoding guessing helper function.
|
|
|
841 |
* Tries to determine the charset encoding of an XML chunk received over HTTP.
|
|
|
842 |
* NB: according to the spec (RFC 3023), if text/xml content-type is received over HTTP without a content-type,
|
|
|
843 |
* we SHOULD assume it is strictly US-ASCII. But we try to be more tolerant of non-conforming (legacy?) clients/servers,
|
|
|
844 |
* which will be most probably using UTF-8 anyway...
|
|
|
845 |
* In order of importance checks:
|
|
|
846 |
* 1. http headers
|
|
|
847 |
* 2. BOM
|
|
|
848 |
* 3. XML declaration
|
|
|
849 |
* 4. guesses using mb_detect_encoding()
|
|
|
850 |
*
|
|
|
851 |
* @param string $httpHeader the http Content-type header
|
|
|
852 |
* @param string $xmlChunk xml content buffer
|
|
|
853 |
* @param string $encodingPrefs comma separated list of character encodings to be used as default (when mb extension is enabled).
|
|
|
854 |
* This can also be set globally using PhpXmlRpc::$xmlrpc_detectencodings
|
|
|
855 |
* @return string the encoding determined. Null if it can't be determined and mbstring is enabled,
|
|
|
856 |
* PhpXmlRpc::$xmlrpc_defencoding if it can't be determined and mbstring is not enabled
|
|
|
857 |
*
|
|
|
858 |
* @todo explore usage of mb_http_input(): does it detect http headers + post data? if so, use it instead of hand-detection!!!
|
|
|
859 |
* @todo feature-creep make it possible to pass in options overriding usage of PhpXmlRpc static variables, to make
|
|
|
860 |
* the method independent of global state
|
|
|
861 |
*/
|
|
|
862 |
public static function guessEncoding($httpHeader = '', $xmlChunk = '', $encodingPrefs = null)
|
|
|
863 |
{
|
|
|
864 |
// discussion: see http://www.yale.edu/pclt/encoding/
|
|
|
865 |
// 1 - test if encoding is specified in HTTP HEADERS
|
|
|
866 |
|
|
|
867 |
// Details:
|
|
|
868 |
// LWS: (\13\10)?( |\t)+
|
|
|
869 |
// token: (any char but excluded stuff)+
|
|
|
870 |
// quoted string: " (any char but double quotes and control chars)* "
|
|
|
871 |
// header: Content-type = ...; charset=value(; ...)*
|
|
|
872 |
// where value is of type token, no LWS allowed between 'charset' and value
|
|
|
873 |
// Note: we do not check for invalid chars in VALUE:
|
|
|
874 |
// this had better be done using pure ereg as below
|
|
|
875 |
// Note 2: we might be removing whitespace/tabs that ought to be left in if
|
|
|
876 |
// the received charset is a quoted string. But nobody uses such charset names...
|
|
|
877 |
|
|
|
878 |
/// @todo this test will pass if ANY header has charset specification, not only Content-Type. Fix it?
|
|
|
879 |
$matches = array();
|
|
|
880 |
if (preg_match('/;\s*charset\s*=([^;]+)/i', $httpHeader, $matches)) {
|
|
|
881 |
return strtoupper(trim($matches[1], " \t\""));
|
|
|
882 |
}
|
|
|
883 |
|
|
|
884 |
// 2 - scan the first bytes of the data for a UTF-16 (or other) BOM pattern
|
|
|
885 |
// (source: http://www.w3.org/TR/2000/REC-xml-20001006)
|
|
|
886 |
// NOTE: actually, according to the spec, even if we find the BOM and determine
|
|
|
887 |
// an encoding, we should check if there is an encoding specified
|
|
|
888 |
// in the xml declaration, and verify if they match.
|
|
|
889 |
/// @todo implement check as described above?
|
|
|
890 |
/// @todo implement check for first bytes of string even without a BOM? (It sure looks harder than for cases WITH a BOM)
|
|
|
891 |
if (preg_match('/^(?:\x00\x00\xFE\xFF|\xFF\xFE\x00\x00|\x00\x00\xFF\xFE|\xFE\xFF\x00\x00)/', $xmlChunk)) {
|
|
|
892 |
return 'UCS-4';
|
|
|
893 |
} elseif (preg_match('/^(?:\xFE\xFF|\xFF\xFE)/', $xmlChunk)) {
|
|
|
894 |
return 'UTF-16';
|
|
|
895 |
} elseif (preg_match('/^(?:\xEF\xBB\xBF)/', $xmlChunk)) {
|
|
|
896 |
return 'UTF-8';
|
|
|
897 |
}
|
|
|
898 |
|
|
|
899 |
// 3 - test if encoding is specified in the xml declaration
|
|
|
900 |
/// @todo this regexp will fail if $xmlChunk uses UTF-32/UCS-4, and most likely UTF-16/UCS-2 as well. In that
|
|
|
901 |
/// case we leave the guesswork up to mbstring - which seems to be able to detect it, starting with php 5.6.
|
|
|
902 |
/// For lower versions, we could attempt usage of mb_ereg...
|
|
|
903 |
// Details:
|
|
|
904 |
// SPACE: (#x20 | #x9 | #xD | #xA)+ === [ \x9\xD\xA]+
|
|
|
905 |
// EQ: SPACE?=SPACE? === [ \x9\xD\xA]*=[ \x9\xD\xA]*
|
|
|
906 |
if (preg_match('/^<\?xml\s+version\s*=\s*' . "((?:\"[a-zA-Z0-9_.:-]+\")|(?:'[a-zA-Z0-9_.:-]+'))" .
|
|
|
907 |
'\s+encoding\s*=\s*' . "((?:\"[A-Za-z][A-Za-z0-9._-]*\")|(?:'[A-Za-z][A-Za-z0-9._-]*'))/",
|
|
|
908 |
$xmlChunk, $matches)) {
|
|
|
909 |
return strtoupper(substr($matches[2], 1, -1));
|
|
|
910 |
}
|
|
|
911 |
|
|
|
912 |
// 4 - if mbstring is available, let it do the guesswork
|
|
|
913 |
if (function_exists('mb_detect_encoding')) {
|
|
|
914 |
if ($encodingPrefs == null && PhpXmlRpc::$xmlrpc_detectencodings != null) {
|
|
|
915 |
$encodingPrefs = PhpXmlRpc::$xmlrpc_detectencodings;
|
|
|
916 |
}
|
|
|
917 |
if ($encodingPrefs) {
|
|
|
918 |
$enc = mb_detect_encoding($xmlChunk, $encodingPrefs);
|
|
|
919 |
} else {
|
|
|
920 |
$enc = mb_detect_encoding($xmlChunk);
|
|
|
921 |
}
|
|
|
922 |
// NB: mb_detect likes to call it ascii, xml parser likes to call it US_ASCII...
|
|
|
923 |
// IANA also likes better US-ASCII, so go with it
|
|
|
924 |
if ($enc == 'ASCII') {
|
|
|
925 |
$enc = 'US-' . $enc;
|
|
|
926 |
}
|
|
|
927 |
|
|
|
928 |
return $enc;
|
|
|
929 |
} else {
|
|
|
930 |
// no encoding specified: as per HTTP1.1 assume it is iso-8859-1?
|
|
|
931 |
// Both RFC 2616 (HTTP 1.1) and 1945 (HTTP 1.0) clearly state that for text/xxx content types
|
|
|
932 |
// this should be the standard. And we should be getting text/xml as request and response.
|
|
|
933 |
// BUT we have to be backward compatible with the lib, which always used UTF-8 as default...
|
|
|
934 |
return PhpXmlRpc::$xmlrpc_defencoding;
|
|
|
935 |
}
|
|
|
936 |
}
|
|
|
937 |
|
|
|
938 |
/**
|
|
|
939 |
* Helper function: checks if an xml chunk has a charset declaration (BOM or in the xml declaration).
|
|
|
940 |
*
|
|
|
941 |
* @param string $xmlChunk
|
|
|
942 |
* @return bool
|
|
|
943 |
*
|
|
|
944 |
* @todo rename to hasEncodingDeclaration
|
|
|
945 |
*/
|
|
|
946 |
public static function hasEncoding($xmlChunk)
|
|
|
947 |
{
|
|
|
948 |
// scan the first bytes of the data for a UTF-16 (or other) BOM pattern
|
|
|
949 |
// (source: http://www.w3.org/TR/2000/REC-xml-20001006)
|
|
|
950 |
if (preg_match('/^(?:\x00\x00\xFE\xFF|\xFF\xFE\x00\x00|\x00\x00\xFF\xFE|\xFE\xFF\x00\x00)/', $xmlChunk)) {
|
|
|
951 |
return true;
|
|
|
952 |
} elseif (preg_match('/^(?:\xFE\xFF|\xFF\xFE)/', $xmlChunk)) {
|
|
|
953 |
return true;
|
|
|
954 |
} elseif (preg_match('/^(?:\xEF\xBB\xBF)/', $xmlChunk)) {
|
|
|
955 |
return true;
|
|
|
956 |
}
|
|
|
957 |
|
|
|
958 |
// test if encoding is specified in the xml declaration
|
|
|
959 |
// Details:
|
|
|
960 |
// SPACE: (#x20 | #x9 | #xD | #xA)+ === [ \x9\xD\xA]+
|
|
|
961 |
// EQ: SPACE?=SPACE? === [ \x9\xD\xA]*=[ \x9\xD\xA]*
|
|
|
962 |
if (preg_match('/^<\?xml\s+version\s*=\s*' . "((?:\"[a-zA-Z0-9_.:-]+\")|(?:'[a-zA-Z0-9_.:-]+'))" .
|
|
|
963 |
'\s+encoding\s*=\s*' . "((?:\"[A-Za-z][A-Za-z0-9._-]*\")|(?:'[A-Za-z][A-Za-z0-9._-]*'))/",
|
|
|
964 |
$xmlChunk)) {
|
|
|
965 |
return true;
|
|
|
966 |
}
|
|
|
967 |
|
|
|
968 |
return false;
|
|
|
969 |
}
|
|
|
970 |
|
|
|
971 |
/**
|
|
|
972 |
* @param string $message
|
|
|
973 |
* @param string $method method/file/line info
|
|
|
974 |
* @return bool false if the caller has to stop parsing
|
|
|
975 |
*/
|
|
|
976 |
protected function handleParsingError($message, $method = '')
|
|
|
977 |
{
|
|
|
978 |
if ($this->current_parsing_options['xmlrpc_reject_invalid_values']) {
|
|
|
979 |
$this->_xh['isf'] = 2;
|
|
|
980 |
$this->_xh['isf_reason'] = ucfirst($message);
|
|
|
981 |
return false;
|
|
|
982 |
} else {
|
|
|
983 |
$this->getLogger()->error('XML-RPC: ' . ($method != '' ? $method . ': ' : '') . $message);
|
|
|
984 |
return true;
|
|
|
985 |
}
|
|
|
986 |
}
|
|
|
987 |
|
|
|
988 |
/**
|
|
|
989 |
* Truncates unsafe data
|
|
|
990 |
* @param string $data
|
|
|
991 |
* @return string
|
|
|
992 |
*/
|
|
|
993 |
protected function truncateValueForLog($data)
|
|
|
994 |
{
|
|
|
995 |
if (strlen($data) > $this->maxLogValueLength) {
|
|
|
996 |
return substr($data, 0, $this->maxLogValueLength - 3) . '...';
|
|
|
997 |
}
|
|
|
998 |
|
|
|
999 |
return $data;
|
|
|
1000 |
}
|
|
|
1001 |
|
|
|
1002 |
// *** BC layer ***
|
|
|
1003 |
|
|
|
1004 |
/**
|
|
|
1005 |
* xml parser handler function for opening element tags.
|
|
|
1006 |
* Used in decoding xml chunks that might represent single xml-rpc values as well as requests, responses.
|
|
|
1007 |
* @deprecated
|
|
|
1008 |
*
|
|
|
1009 |
* @param resource $parser
|
|
|
1010 |
* @param $name
|
|
|
1011 |
* @param $attrs
|
|
|
1012 |
* @return void
|
|
|
1013 |
*/
|
|
|
1014 |
public function xmlrpc_se_any($parser, $name, $attrs)
|
|
|
1015 |
{
|
|
|
1016 |
// this will be spamming the log if this method is in use...
|
|
|
1017 |
$this->logDeprecation('Method ' . __METHOD__ . ' is deprecated');
|
|
|
1018 |
|
|
|
1019 |
$this->xmlrpc_se($parser, $name, $attrs, true);
|
|
|
1020 |
}
|
|
|
1021 |
|
|
|
1022 |
public function &__get($name)
|
|
|
1023 |
{
|
|
|
1024 |
switch ($name) {
|
|
|
1025 |
case '_xh':
|
|
|
1026 |
case 'xmlrpc_valid_parents':
|
|
|
1027 |
$this->logDeprecation('Getting property XMLParser::' . $name . ' is deprecated');
|
|
|
1028 |
return $this->$name;
|
|
|
1029 |
default:
|
|
|
1030 |
/// @todo throw instead? There are very few other places where the lib trigger errors which can potentially reach stdout...
|
|
|
1031 |
$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1);
|
|
|
1032 |
trigger_error('Undefined property via __get(): ' . $name . ' in ' . $trace[0]['file'] . ' on line ' . $trace[0]['line'], E_USER_WARNING);
|
|
|
1033 |
$result = null;
|
|
|
1034 |
return $result;
|
|
|
1035 |
}
|
|
|
1036 |
}
|
|
|
1037 |
|
|
|
1038 |
public function __set($name, $value)
|
|
|
1039 |
{
|
|
|
1040 |
switch ($name) {
|
|
|
1041 |
// this should only ever be called by subclasses which overtook `parse()`
|
|
|
1042 |
case 'accept':
|
|
|
1043 |
$this->logDeprecation('Setting property XMLParser::' . $name . ' is deprecated');
|
|
|
1044 |
$this->current_parsing_options['accept'] = $value;
|
|
|
1045 |
break;
|
|
|
1046 |
case '_xh':
|
|
|
1047 |
case 'xmlrpc_valid_parents':
|
|
|
1048 |
$this->logDeprecation('Setting property XMLParser::' . $name . ' is deprecated');
|
|
|
1049 |
$this->$name = $value;
|
|
|
1050 |
break;
|
|
|
1051 |
default:
|
|
|
1052 |
/// @todo throw instead? There are very few other places where the lib trigger errors which can potentially reach stdout...
|
|
|
1053 |
$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1);
|
|
|
1054 |
trigger_error('Undefined property via __set(): ' . $name . ' in ' . $trace[0]['file'] . ' on line ' . $trace[0]['line'], E_USER_WARNING);
|
|
|
1055 |
}
|
|
|
1056 |
}
|
|
|
1057 |
|
|
|
1058 |
public function __isset($name)
|
|
|
1059 |
{
|
|
|
1060 |
switch ($name) {
|
|
|
1061 |
case 'accept':
|
|
|
1062 |
$this->logDeprecation('Checking property XMLParser::' . $name . ' is deprecated');
|
|
|
1063 |
return isset($this->current_parsing_options['accept']);
|
|
|
1064 |
case '_xh':
|
|
|
1065 |
case 'xmlrpc_valid_parents':
|
|
|
1066 |
$this->logDeprecation('Checking property XMLParser::' . $name . ' is deprecated');
|
|
|
1067 |
return isset($this->$name);
|
|
|
1068 |
default:
|
|
|
1069 |
return false;
|
|
|
1070 |
}
|
|
|
1071 |
}
|
|
|
1072 |
|
|
|
1073 |
public function __unset($name)
|
|
|
1074 |
{
|
|
|
1075 |
switch ($name) {
|
|
|
1076 |
// q: does this make sense at all?
|
|
|
1077 |
case 'accept':
|
|
|
1078 |
$this->logDeprecation('Unsetting property XMLParser::' . $name . ' is deprecated');
|
|
|
1079 |
unset($this->current_parsing_options['accept']);
|
|
|
1080 |
break;
|
|
|
1081 |
case '_xh':
|
|
|
1082 |
case 'xmlrpc_valid_parents':
|
|
|
1083 |
$this->logDeprecation('Unsetting property XMLParser::' . $name . ' is deprecated');
|
|
|
1084 |
unset($this->$name);
|
|
|
1085 |
break;
|
|
|
1086 |
default:
|
|
|
1087 |
/// @todo throw instead? There are very few other places where the lib trigger errors which can potentially reach stdout...
|
|
|
1088 |
$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1);
|
|
|
1089 |
trigger_error('Undefined property via __unset(): ' . $name . ' in ' . $trace[0]['file'] . ' on line ' . $trace[0]['line'], E_USER_WARNING);
|
|
|
1090 |
}
|
|
|
1091 |
}
|
|
|
1092 |
}
|