diff options
| author | Dries Buytaert <dries@buytaert.net> | 2010-03-31 15:56:53 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2010-03-31 15:56:53 +0000 |
| commit | d054bfaa01a6018ab6305806143dffe91ce8fb92 (patch) | |
| tree | 81347e0703bc0e8961a39126e90cec24c45f2c82 | |
| parent | 108011af8b9e5c28f90d807b6e69297f8500ad80 (diff) | |
| download | brdo-d054bfaa01a6018ab6305806143dffe91ce8fb92.tar.gz brdo-d054bfaa01a6018ab6305806143dffe91ce8fb92.tar.bz2 | |
- Patch #265973 by Damien Tournoud, mr.baileys, dixon_, clemens.tolboom: XML-RPC chokes with long server response.
| -rw-r--r-- | includes/xmlrpc.inc | 15 | ||||
| -rw-r--r-- | modules/simpletest/tests/xmlrpc.test | 28 |
2 files changed, 35 insertions, 8 deletions
diff --git a/includes/xmlrpc.inc b/includes/xmlrpc.inc index 161abd83f..a3c2c1d58 100644 --- a/includes/xmlrpc.inc +++ b/includes/xmlrpc.inc @@ -150,7 +150,7 @@ function xmlrpc_message($message) { } /** - * Parse an XML-RPC message. + * Parses an XML-RPC message. * * If parsing fails, the faultCode and faultString will be added to the message * object. @@ -161,11 +161,6 @@ function xmlrpc_message($message) { * TRUE if parsing succeeded; FALSE otherwise */ function xmlrpc_message_parse($xmlrpc_message) { - // First remove the XML declaration - $xmlrpc_message->message = preg_replace('/<\?xml(.*)?\?' . '>/', '', $xmlrpc_message->message); - if (trim($xmlrpc_message->message) == '') { - return FALSE; - } $xmlrpc_message->_parser = xml_parser_create(); // Set XML parser to take the case of tags into account. xml_parser_set_option($xmlrpc_message->_parser, XML_OPTION_CASE_FOLDING, FALSE); @@ -177,9 +172,13 @@ function xmlrpc_message_parse($xmlrpc_message) { return FALSE; } xml_parser_free($xmlrpc_message->_parser); - // Grab the error messages, if any + + // Grab the error messages, if any. $xmlrpc_message = xmlrpc_message_get(); - if ($xmlrpc_message->messagetype == 'fault') { + if (!isset($xmlrpc_message->messagetype)) { + return FALSE; + } + elseif ($xmlrpc_message->messagetype == 'fault') { $xmlrpc_message->fault_code = $xmlrpc_message->params[0]['faultCode']; $xmlrpc_message->fault_string = $xmlrpc_message->params[0]['faultString']; } diff --git a/modules/simpletest/tests/xmlrpc.test b/modules/simpletest/tests/xmlrpc.test index 2212bfd1a..a9e8bca40 100644 --- a/modules/simpletest/tests/xmlrpc.test +++ b/modules/simpletest/tests/xmlrpc.test @@ -41,6 +41,34 @@ class XMLRPCBasicTestCase extends DrupalWebTestCase { $this->assertEqual($count, count($minimum), 'system.listMethods returned at least the minimum listing'); } + + /** + * Ensure that XML-RPC correctly handles invalid messages when parsing. + */ + protected function testInvalidMessageParsing() { + $invalid_messages = array( + array( + 'message' => xmlrpc_message(''), + 'assertion' => t('Empty message correctly rejected during parsing.'), + ), + array( + 'message' => xmlrpc_message('<?xml version="1.0" encoding="ISO-8859-1"?>'), + 'assertion' => t('Empty message with XML declaration correctly rejected during parsing.'), + ), + array( + 'message' => xmlrpc_message('<?xml version="1.0"?><params><param><value><string>value</string></value></param></params>'), + 'assertion' => t('Non-empty message without a valid message type is rejected during parsing.'), + ), + array( + 'message' => xmlrpc_message('<methodResponse><params><param><value><string>value</string></value></param></methodResponse>'), + 'assertion' => t('Non-empty malformed message is rejected during parsing.'), + ), + ); + + foreach ($invalid_messages as $assertion) { + $this->assertFalse(xmlrpc_message_parse($assertion['message']), $assertion['assertion']); + } + } } class XMLRPCValidator1IncTestCase extends DrupalWebTestCase { |