12 * obtain it through the world-wide-web, please send an email |
12 * obtain it through the world-wide-web, please send an email |
13 * to license@zend.com so we can send you a copy immediately. |
13 * to license@zend.com so we can send you a copy immediately. |
14 * |
14 * |
15 * @category Zend |
15 * @category Zend |
16 * @package Zend_Controller |
16 * @package Zend_Controller |
17 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
17 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
18 * @license http://framework.zend.com/license/new-bsd New BSD License |
18 * @license http://framework.zend.com/license/new-bsd New BSD License |
19 */ |
19 */ |
20 |
20 |
21 /** |
21 /** |
22 * Zend_XmlRpc_Value |
22 * Zend_XmlRpc_Value |
33 * |
33 * |
34 * Container for accessing an XMLRPC return value and creating the XML response. |
34 * Container for accessing an XMLRPC return value and creating the XML response. |
35 * |
35 * |
36 * @category Zend |
36 * @category Zend |
37 * @package Zend_XmlRpc |
37 * @package Zend_XmlRpc |
38 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
38 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
39 * @license http://framework.zend.com/license/new-bsd New BSD License |
39 * @license http://framework.zend.com/license/new-bsd New BSD License |
40 * @version $Id: Response.php 21359 2010-03-07 00:54:02Z lars $ |
40 * @version $Id: Response.php 25033 2012-08-17 19:50:08Z matthew $ |
41 */ |
41 */ |
42 class Zend_XmlRpc_Response |
42 class Zend_XmlRpc_Response |
43 { |
43 { |
44 /** |
44 /** |
45 * Return value |
45 * Return value |
174 $this->_fault = new Zend_XmlRpc_Fault(650); |
174 $this->_fault = new Zend_XmlRpc_Fault(650); |
175 $this->_fault->setEncoding($this->getEncoding()); |
175 $this->_fault->setEncoding($this->getEncoding()); |
176 return false; |
176 return false; |
177 } |
177 } |
178 |
178 |
|
179 // @see ZF-12293 - disable external entities for security purposes |
|
180 $loadEntities = libxml_disable_entity_loader(true); |
|
181 $useInternalXmlErrors = libxml_use_internal_errors(true); |
179 try { |
182 try { |
180 $useInternalXmlErrors = libxml_use_internal_errors(true); |
183 $dom = new DOMDocument; |
|
184 $dom->loadXML($response); |
|
185 foreach ($dom->childNodes as $child) { |
|
186 if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) { |
|
187 require_once 'Zend/XmlRpc/Exception.php'; |
|
188 throw new Zend_XmlRpc_Exception( |
|
189 'Invalid XML: Detected use of illegal DOCTYPE' |
|
190 ); |
|
191 } |
|
192 } |
|
193 // TODO: Locate why this passes tests but a simplexml import doesn't |
|
194 // $xml = simplexml_import_dom($dom); |
181 $xml = new SimpleXMLElement($response); |
195 $xml = new SimpleXMLElement($response); |
|
196 libxml_disable_entity_loader($loadEntities); |
182 libxml_use_internal_errors($useInternalXmlErrors); |
197 libxml_use_internal_errors($useInternalXmlErrors); |
183 } catch (Exception $e) { |
198 } catch (Exception $e) { |
|
199 libxml_disable_entity_loader($loadEntities); |
184 libxml_use_internal_errors($useInternalXmlErrors); |
200 libxml_use_internal_errors($useInternalXmlErrors); |
185 // Not valid XML |
201 // Not valid XML |
186 $this->_fault = new Zend_XmlRpc_Fault(651); |
202 $this->_fault = new Zend_XmlRpc_Fault(651); |
187 $this->_fault->setEncoding($this->getEncoding()); |
203 $this->_fault->setEncoding($this->getEncoding()); |
188 return false; |
204 return false; |
203 return false; |
219 return false; |
204 } |
220 } |
205 |
221 |
206 try { |
222 try { |
207 if (!isset($xml->params) || !isset($xml->params->param) || !isset($xml->params->param->value)) { |
223 if (!isset($xml->params) || !isset($xml->params->param) || !isset($xml->params->param->value)) { |
|
224 require_once 'Zend/XmlRpc/Value/Exception.php'; |
208 throw new Zend_XmlRpc_Value_Exception('Missing XML-RPC value in XML'); |
225 throw new Zend_XmlRpc_Value_Exception('Missing XML-RPC value in XML'); |
209 } |
226 } |
210 $valueXml = $xml->params->param->value->asXML(); |
227 $valueXml = $xml->params->param->value->asXML(); |
211 $value = Zend_XmlRpc_Value::getXmlRpcValue($valueXml, Zend_XmlRpc_Value::XML_STRING); |
228 $value = Zend_XmlRpc_Value::getXmlRpcValue($valueXml, Zend_XmlRpc_Value::XML_STRING); |
212 } catch (Zend_XmlRpc_Value_Exception $e) { |
229 } catch (Zend_XmlRpc_Value_Exception $e) { |