Setting up an empty default handler is not only useless, but actually
harmful, since internal entity-references are not resolved anymore.
From the libexpat docs[1]:
| Setting the handler with this call has the side effect of
| turning off expansion of references to internally defined general
| entities. Instead these references are passed to the default
| handler.
[1] <https://www.xml.com/pub/1999/09/expat/reference.html#setdefhandler>
. Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
(Pierrick)
+- XML:
+ . Fixed bug #30875 (xml_parse_into_struct() does not resolve entities). (cmb)
+
11 Oct 2018, PHP 7.1.23
- Core:
--- /dev/null
+--TEST--
+Bug #30875 (xml_parse_into_struct() does not resolve entities)
+--SKIPIF--
+<?php
+if (!extension_loaded('xml')) die('skip xml extension not available');
+?>
+--FILE--
+<?php
+
+$xml = <<<XML
+<!DOCTYPE dtd [
+ <!ENTITY ref "ent">
+]>
+<elt att="&ref;">a&ref;</elt>
+XML;
+
+$parser = xml_parser_create();
+xml_parse_into_struct($parser, $xml, $vals);
+xml_parser_free($parser);
+var_dump($vals);
+?>
+===DONE===
+--EXPECT--
+array(1) {
+ [0]=>
+ array(5) {
+ ["tag"]=>
+ string(3) "ELT"
+ ["type"]=>
+ string(8) "complete"
+ ["level"]=>
+ int(1)
+ ["attributes"]=>
+ array(1) {
+ ["ATT"]=>
+ string(3) "ent"
+ }
+ ["value"]=>
+ string(4) "aent"
+ }
+}
+===DONE===
parser->level = 0;
parser->ltags = safe_emalloc(XML_MAXLEVEL, sizeof(char *), 0);
- XML_SetDefaultHandler(parser->parser, _xml_defaultHandler);
XML_SetElementHandler(parser->parser, _xml_startElementHandler, _xml_endElementHandler);
XML_SetCharacterDataHandler(parser->parser, _xml_characterDataHandler);
projects / php / commitdiff