Skip to content
This repository was archived by the owner on May 8, 2024. It is now read-only.

Commit

Permalink
Merge branch 'hotfix/zendframework#6200-restore-libxml-entity-loader-…
Browse files Browse the repository at this point in the history 
…in-soap-server'

Close zendframework#6200
  • Loading branch information
@Ocramius
Ocramius committed Apr 29, 2014
2 parents a086b41 + a40e770 commit e7c9de3
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 2 deletions.
5 changes: 3 additions & 2 deletions library/Zend/Soap/Server.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -745,11 +745,13 @@ protected function _setRequest($request)
}
$xml = trim($xml);

libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);

$dom = new DOMDocument();
$loadStatus = $dom->loadXML($xml);

libxml_disable_entity_loader($loadEntities);

// @todo check libxml errors ? validate document ?
if (strlen($xml) == 0 || !$loadStatus) {
throw new Exception\InvalidArgumentException('Invalid XML');
Expand All @@ -760,7 +762,6 @@ protected function _setRequest($request)
throw new Exception\InvalidArgumentException('Invalid XML: Detected use of illegal DOCTYPE');
}
}
libxml_disable_entity_loader(false);
}

$this->request = $xml;
Expand Down
22 changes: 22 additions & 0 deletions tests/ZendTest/Soap/ServerTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -968,4 +968,26 @@ public function testGetSoapInternalInstance()
$this->assertInstanceOf('\SoapServer', $internalServer);
$this->assertSame($internalServer, $server->getSoap());
}

public function testDisableEntityLoaderAfterException()
{
$server = new Server();
$server->setOptions(array('location'=>'test://', 'uri'=>'http://framework.zend.com'));
$server->setReturnResponse(true);
$server->setClass('\ZendTest\Soap\TestAsset\ServerTestClass');
$loadEntities = libxml_disable_entity_loader(false);

// Doing a request that is guaranteed to cause an exception in Server::_setRequest():
$invalidRequest = '---';
$response = @$server->handle($invalidRequest);

// Sanity check; making sure that an exception has been triggered:
$this->assertInstanceOf('\SoapFault', $response);

// The "disable entity loader" setting should be restored to "false" after the exception is raised:
$this->assertFalse(libxml_disable_entity_loader());

// Cleanup; restoring original setting:
libxml_disable_entity_loader($loadEntities);
}
}

0 comments on commit e7c9de3

Please sign in to comment.