| commit | 46f5476b0c52b8b7564b40a315d92b294607257a | |
| author | Tim Starling <tstarling@wikimedia.org> | |
| Thu, 26 Jun 2014 03:31:30 +0000 (25 20:31 -0700) | ||
| committer | facebook-github-bot <githubbot@fb.com> | |
| Thu, 26 Jun 2014 04:09:36 +0000 (25 21:09 -0700) | ||
| tree | 8ee1e87b40b7a34dc852f81582f401a02a6de290 | treesnapshot (tar.gz zip) |
| parent | 3b400963bc9f045e084550d55442504eb4c56bed | commitdiff |
wddx_deserialize() systemlib improvements
Summary: * Use stream_get_contents() instead of a loop of fgets(). Loops that read files are deceptively tricky -- it's possible to hit an error in which fgets() permanently returns false but with feof() being false, for example NFS server failure, which would cause an infinite busy loop with the previous code.
* Do not accept SimpleXMLElement objects as input -- this was a hack to allow recursive parsing without creating another global function. Achieve the same ends using a closure instead.
* Do not attempt to call $packet->getName() on any input that is not a string or resource. Instead mimic Zend and give a warning.
* Check for errors from simplexml_load_string(), instead of giving a fatal error due to calling false->xpath().
* Ignore malformed input in various cases, skipping array members etc., instead of assuming the XML is always perfect and inevitably hitting a fatal error due to invalid method calls. This is somewhat similar to what Zend does -- probably not identical though.
* Added a test case for malformed input based on the motivating unit test from MediaWiki.
Applied formatting patch from: http://noc.wikimedia.org/~ori/pr2991-fixups.patch
Closes #2991
Reviewed By: @ptarjan
Differential Revision: D1397192
Pulled By: @JoelMarcey
Summary: * Use stream_get_contents() instead of a loop of fgets(). Loops that read files are deceptively tricky -- it's possible to hit an error in which fgets() permanently returns false but with feof() being false, for example NFS server failure, which would cause an infinite busy loop with the previous code.
* Do not accept SimpleXMLElement objects as input -- this was a hack to allow recursive parsing without creating another global function. Achieve the same ends using a closure instead.
* Do not attempt to call $packet->getName() on any input that is not a string or resource. Instead mimic Zend and give a warning.
* Check for errors from simplexml_load_string(), instead of giving a fatal error due to calling false->xpath().
* Ignore malformed input in various cases, skipping array members etc., instead of assuming the XML is always perfect and inevitably hitting a fatal error due to invalid method calls. This is somewhat similar to what Zend does -- probably not identical though.
* Added a test case for malformed input based on the motivating unit test from MediaWiki.
Applied formatting patch from: http://noc.wikimedia.org/~ori/pr2991-fixups.patch
Closes #2991
Reviewed By: @ptarjan
Differential Revision: D1397192
Pulled By: @JoelMarcey
| hphp/runtime/ext/wddx/ext_wddx.php | diffblobblamehistory | |
| hphp/test/slow/ext_wddx/malformed.php | [new file with mode: 0644] | blob |
| hphp/test/slow/ext_wddx/malformed.php.expect | [new file with mode: 0644] | blob |