search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "Import: Handle uploads with sha1 starting with 0 properly"
[mediawiki.git] / includes / libs / XmlTypeCheck.php
blob34afb68914635e0e33e5df41fe4e244cfa06e9c6
1 <?php
2 /**
3 * XML syntax and type checker.
4 *
5 * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us
6 * more control over the expansion of XML entities. When passed to the
7 * callback, entities will be fully expanded, but may report the XML is
8 * invalid if expanding the entities are likely to cause a DoS.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23 * http://www.gnu.org/copyleft/gpl.html
24 *
25 * @file
26 */
27
28 class XmlTypeCheck {
29 /**
30 * Will be set to true or false to indicate whether the file is
31 * well-formed XML. Note that this doesn't check schema validity.
32 */
33 public $wellFormed = null;
34
35 /**
36 * Will be set to true if the optional element filter returned
37 * a match at some point.
38 */
39 public $filterMatch = false;
40
41 /**
42 * Will contain the type of filter hit if the optional element filter returned
43 * a match at some point.
44 * @var mixed
45 */
46 public $filterMatchType = false;
47
48 /**
49 * Name of the document's root element, including any namespace
50 * as an expanded URL.
51 */
52 public $rootElement = '';
53
54 /**
55 * A stack of strings containing the data of each xml element as it's processed. Append
56 * data to the top string of the stack, then pop off the string and process it when the
57 * element is closed.
58 */
59 protected $elementData = array();
60
61 /**
62 * A stack of element names and attributes, as we process them.
63 */
64 protected $elementDataContext = array();
65
66 /**
67 * Current depth of the data stack.
68 */
69 protected $stackDepth = 0;
70
71 /**
72 * Additional parsing options
73 */
74 private $parserOptions = array(
75 'processing_instruction_handler' => '',
76 );
77
78 /**
79 * @param string $input a filename or string containing the XML element
80 * @param callable $filterCallback (optional)
81 * Function to call to do additional custom validity checks from the
82 * SAX element handler event. This gives you access to the element
83 * namespace, name, attributes, and text contents.
84 * Filter should return 'true' to toggle on $this->filterMatch
85 * @param bool $isFile (optional) indicates if the first parameter is a
86 * filename (default, true) or if it is a string (false)
87 * @param array $options list of additional parsing options:
88 * processing_instruction_handler: Callback for xml_set_processing_instruction_handler
89 */
90 function __construct( $input, $filterCallback = null, $isFile = true, $options = array() ) {
91 $this->filterCallback = $filterCallback;
92 $this->parserOptions = array_merge( $this->parserOptions, $options );
93 $this->validateFromInput( $input, $isFile );
94 }
95
96 /**
97 * Alternative constructor: from filename
98 *
99 * @param string $fname the filename of an XML document
100 * @param callable $filterCallback (optional)
101 * Function to call to do additional custom validity checks from the
102 * SAX element handler event. This gives you access to the element
103 * namespace, name, and attributes, but not to text contents.
104 * Filter should return 'true' to toggle on $this->filterMatch
105 * @return XmlTypeCheck
106 */
107 public static function newFromFilename( $fname, $filterCallback = null ) {
108 return new self( $fname, $filterCallback, true );
109 }
110
111 /**
112 * Alternative constructor: from string
113 *
114 * @param string $string a string containing an XML element
115 * @param callable $filterCallback (optional)
116 * Function to call to do additional custom validity checks from the
117 * SAX element handler event. This gives you access to the element
118 * namespace, name, and attributes, but not to text contents.
119 * Filter should return 'true' to toggle on $this->filterMatch
120 * @return XmlTypeCheck
121 */
122 public static function newFromString( $string, $filterCallback = null ) {
123 return new self( $string, $filterCallback, false );
124 }
125
126 /**
127 * Get the root element. Simple accessor to $rootElement
128 *
129 * @return string
130 */
131 public function getRootElement() {
132 return $this->rootElement;
133 }
134
135
136 /**
137 * @param string $fname the filename
138 */
139 private function validateFromInput( $xml, $isFile ) {
140 $reader = new XMLReader();
141 if ( $isFile ) {
142 $s = $reader->open( $xml, null, LIBXML_NOERROR | LIBXML_NOWARNING );
143 } else {
144 $s = $reader->XML( $xml, null, LIBXML_NOERROR | LIBXML_NOWARNING );
145 }
146 if ( $s !== true ) {
147 // Couldn't open the XML
148 $this->wellFormed = false;
149 } else {
150 $oldDisable = libxml_disable_entity_loader( true );
151 $reader->setParserProperty( XMLReader::SUBST_ENTITIES, true );
152 try {
153 $this->validate( $reader );
154 } catch ( Exception $e ) {
155 // Calling this malformed, because we didn't parse the whole
156 // thing. Maybe just an external entity refernce.
157 $this->wellFormed = false;
158 $reader->close();
159 libxml_disable_entity_loader( $oldDisable );
160 throw $e;
161 }
162 $reader->close();
163 libxml_disable_entity_loader( $oldDisable );
164 }
165 }
166
167 private function readNext( XMLReader $reader ) {
168 set_error_handler( array( $this, 'XmlErrorHandler' ) );
169 $ret = $reader->read();
170 restore_error_handler();
171 return $ret;
172 }
173
174 public function XmlErrorHandler( $errno, $errstr ) {
175 $this->wellFormed = false;
176 }
177
178 private function validate( $reader ) {
179
180 // First, move through anything that isn't an element, and
181 // handle any processing instructions with the callback
182 do {
183 if ( !$this->readNext( $reader ) ) {
184 // Hit the end of the document before any elements
185 $this->wellFormed = false;
186 return;
187 }
188 if ( $reader->nodeType === XMLReader::PI ) {
189 $this->processingInstructionHandler( $reader->name, $reader->value );
190 }
191 } while ( $reader->nodeType != XMLReader::ELEMENT );
192
193 // Process the rest of the document
194 do {
195 switch ( $reader->nodeType ) {
196 case XMLReader::ELEMENT:
197 $name = $this->expandNS(
198 $reader->name,
199 $reader->namespaceURI
200 );
201 if ( $this->rootElement === '' ) {
202 $this->rootElement = $name;
203 }
204 $empty = $reader->isEmptyElement;
205 $attrs = $this->getAttributesArray( $reader );
206 $this->elementOpen( $name, $attrs );
207 if ( $empty ) {
208 $this->elementClose();
209 }
210 break;
211
212 case XMLReader::END_ELEMENT:
213 $this->elementClose();
214 break;
215
216 case XMLReader::WHITESPACE:
217 case XMLReader::SIGNIFICANT_WHITESPACE:
218 case XMLReader::CDATA:
219 case XMLReader::TEXT:
220 $this->elementData( $reader->value );
221 break;
222
223 case XMLReader::ENTITY_REF:
224 // Unexpanded entity (maybe external?),
225 // don't send to the filter (xml_parse didn't)
226 break;
227
228 case XMLReader::COMMENT:
229 // Don't send to the filter (xml_parse didn't)
230 break;
231
232 case XMLReader::PI:
233 // Processing instructions can happen after the header too
234 $this->processingInstructionHandler(
235 $reader->name,
236 $reader->value
237 );
238 break;
239 default:
240 // One of DOC, DOC_TYPE, ENTITY, END_ENTITY,
241 // NOTATION, or XML_DECLARATION
242 // xml_parse didn't send these to the filter, so we won't.
243 }
244
245 } while ( $this->readNext( $reader ) );
246
247 if ( $this->stackDepth !== 0 ) {
248 $this->wellFormed = false;
249 } elseif ( $this->wellFormed === null ) {
250 $this->wellFormed = true;
251 }
252
253 }
254
255 /**
256 * Get all of the attributes for an XMLReader's current node
257 * @param $r XMLReader
258 * @return array of attributes
259 */
260 private function getAttributesArray( XMLReader $r ) {
261 $attrs = array();
262 while ( $r->moveToNextAttribute() ) {
263 if ( $r->namespaceURI === 'http://www.w3.org/2000/xmlns/' ) {
264 // XMLReader treats xmlns attributes as normal
265 // attributes, while xml_parse doesn't
266 continue;
267 }
268 $name = $this->expandNS( $r->name, $r->namespaceURI );
269 $attrs[$name] = $r->value;
270 }
271 return $attrs;
272 }
273
274 /**
275 * @param $name element or attribute name, maybe with a full or short prefix
276 * @param $namespaceURI the namespaceURI
277 * @return string the name prefixed with namespaceURI
278 */
279 private function expandNS( $name, $namespaceURI ) {
280 if ( $namespaceURI ) {
281 $parts = explode( ':', $name );
282 $localname = array_pop( $parts );
283 return "$namespaceURI:$localname";
284 }
285 return $name;
286 }
287
288 /**
289 * @param $name
290 * @param $attribs
291 */
292 private function elementOpen( $name, $attribs ) {
293 $this->elementDataContext[] = array( $name, $attribs );
294 $this->elementData[] = '';
295 $this->stackDepth++;
296 }
297
298 /**
299 */
300 private function elementClose() {
301 list( $name, $attribs ) = array_pop( $this->elementDataContext );
302 $data = array_pop( $this->elementData );
303 $this->stackDepth--;
304 $callbackReturn = false;
305
306 if ( is_callable( $this->filterCallback ) ) {
307 $callbackReturn = call_user_func(
308 $this->filterCallback,
309 $name,
310 $attribs,
311 $data
312 );
313 }
314 if ( $callbackReturn ) {
315 // Filter hit!
316 $this->filterMatch = true;
317 $this->filterMatchType = $callbackReturn;
318 }
319 }
320
321 /**
322 * @param $data
323 */
324 private function elementData( $data ) {
325 // Collect any data here, and we'll run the callback in elementClose
326 $this->elementData[ $this->stackDepth - 1 ] .= trim( $data );
327 }
328
329 /**
330 * @param $target
331 * @param $data
332 */
333 private function processingInstructionHandler( $target, $data ) {
334 $callbackReturn = false;
335 if ( $this->parserOptions['processing_instruction_handler'] ) {
336 $callbackReturn = call_user_func(
337 $this->parserOptions['processing_instruction_handler'],
338 $target,
339 $data
340 );
341 }
342 if ( $callbackReturn ) {
343 // Filter hit!
344 $this->filterMatch = true;
345 $this->filterMatchType = $callbackReturn;
346 }
347 }
348 }
MediaWiki Core