This repository was archived by the owner on Jan 8, 2020. It is now read-only.
Merged
5 changes: 3 additions & 2 deletions library/Zend/Soap/Server.php
@@ -745,11 +745,13 @@ protected function _setRequest($request)
}
$xml = trim($xml);

libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);

$dom = new DOMDocument();
$loadStatus = $dom->loadXML($xml);

libxml_disable_entity_loader($loadEntities);

// @todo check libxml errors ? validate document ?
if (strlen($xml) == 0 || !$loadStatus) {
throw new Exception\InvalidArgumentException('Invalid XML');
@@ -760,7 +762,6 @@ protected function _setRequest($request)
throw new Exception\InvalidArgumentException('Invalid XML: Detected use of illegal DOCTYPE');
}
}
libxml_disable_entity_loader(false);
}

$this->request = $xml;
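Review bot: The restore `libxml_disable_entity_loader($loadEntities);` placed after `$dom->loadXML($xml)` only runs when loadXML() returns normally. If the call raises instead (for example under an error handler that converts libxml warnings into exceptions), the process-wide entity loader setting stays switched to disabled, which is the state leak this change is meant to remove. Where the supported PHP versions allow it, `try { $loadStatus = $dom->loadXML($xml); } finally { libxml_disable_entity_loader($loadEntities); }` makes the restore unconditional; on older versions a catch-and-rethrow achieves the same. Moving the `strlen($xml) == 0` test ahead of the load would also avoid handing an empty string to the parser. _setRequest() begins and ends outside the hunks shown.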
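--- a/tests/ZendTest/Soap/ServerTest.php
+++ b/tests/ZendTest/Soap/ServerTest.php
@@ -968,4 +968,26 @@ public function testGetSoapInternalInstance()
 $this->assertInstanceOf('\SoapServer', $internalServer);
 $this->assertSame($internalServer, $server->getSoap());
 }
+
+public function testDisableEntityLoaderAfterException()
+{
+$server = new Server();
+$server->setOptions(array('location'=>'test://', 'uri'=>'http://framework.zend.com'));
+$server->setReturnResponse(true);
+$server->setClass('\ZendTest\Soap\TestAsset\ServerTestClass');
+$loadEntities = libxml_disable_entity_loader(false);
+
+// Doing a request that is guaranteed to cause an exception in Server::_setRequest():
+$invalidRequest = '---';
+$response = @$server->handle($invalidRequest);
+
+// Sanity check; making sure that an exception has been triggered:
+$this->assertInstanceOf('\SoapFault', $response);
+
+// The "disable entity loader" setting should be restored to "false" after the exception is raised:
+$this->assertFalse(libxml_disable_entity_loader());
+
+// Cleanup; restoring original setting:
+libxml_disable_entity_loader($loadEntities);
+}
 }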
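Review bot: The cleanup on the last line of testDisableEntityLoaderAfterException() is skipped whenever either assertion fails. The probe `libxml_disable_entity_loader()` inside assertFalse() is itself a setter (its argument defaults to true), so a failing run leaves the entity loader disabled for every later test in the same process. Restoring `$loadEntities` in tearDown(), or in a try/catch that rethrows around the assertions, would keep that global state contained. The test also starts only from `false`, which cannot tell "restore the previous value" apart from "reset to false". A second case that starts with `libxml_disable_entity_loader(true)` and asserts the setting is still true after handle() would pin the behaviour that an application disabling the loader globally depends on.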