Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ext/soap: Don't call readfile() userland function #17432

Merged
merged 6 commits into from
Jan 15, 2025
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
ext/soap: Add some SoapServer tests
Girgias committed Jan 11, 2025
commit 51c2cf0f56f4649fa5119c9c3a7366c18bad516e
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
--TEST--
SoapServer handle with WSDL that has disappeared
--EXTENSIONS--
soap
--GET--
WSDL
--FILE--
<?php
$wsdlFile = __DIR__ . '/test_handle_non_existent_wsdl.wsdl';
Girgias marked this conversation as resolved.
Show resolved Hide resolved

$wsdl = <<<'WSDL'
<?xml version="1.0" ?>
<definitions
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/">

<types>
<xsd:schema targetNamespace="http://linuxsrv.home/~dmitry/soap/test.wsdl">
<xsd:import namespace="http://schemas.xmlsoap.org/soap/encoding/" />
<xsd:import namespace="http://schemas.xmlsoap.org/wsdl/" />
</xsd:schema>
</types>

<message name="AddRequest">
<part name="x" type="xsd:double" />
<part name="y" type="xsd:double" />
</message>
<message name="AddResponse">
<part name="result" type="xsd:double" />
</message>

<portType name="TestServicePortType">
<operation name="Add">
<input message="tns:AddRequest" />
<output message="tns:AddResponse" />
</operation>
</portType>

<binding name="TestServiceBinding" type="tns:TestServicePortType">
<soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" />
<operation name="Add">
<soap:operation soapAction="Add" style="rpc" />
<input>
<soap:body use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" />
</input>
<output>
<soap:body use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" />
</output>
</operation>
</binding>

<service name="TestService">
<port name="TestServicePort" binding="tns:TestServiceBinding">
<soap:address location="http://linuxsrv.home/~dmitry/soap/soap_server.php" />
</port>
</service>

</definitions>
WSDL;

file_put_contents($wsdlFile, $wsdl);

$options = [];
$server = new SoapServer($wsdlFile, $options);

unlink($wsdlFile);

$server->handle();

?>
--CLEAN--
<?php
$wsdlFile = __DIR__ . '/test_handle_non_existent_wsdl.wsdl';
@unlink($wsdlFile);
?>
--EXPECT--
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
--TEST--
SoapServer handle with WSDL that has disappeared and disabled readfile function
--EXTENSIONS--
soap
--GET--
WSDL
--INI--
disable_functions=readfile
--FILE--
<?php
$wsdlFile = __DIR__ . '/test_handle_non_existent_wsdl.wsdl';

$wsdl = <<<'WSDL'
<?xml version="1.0" ?>
<definitions
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/">

<types>
<xsd:schema targetNamespace="http://linuxsrv.home/~dmitry/soap/test.wsdl">
<xsd:import namespace="http://schemas.xmlsoap.org/soap/encoding/" />
<xsd:import namespace="http://schemas.xmlsoap.org/wsdl/" />
</xsd:schema>
</types>

<message name="AddRequest">
<part name="x" type="xsd:double" />
<part name="y" type="xsd:double" />
</message>
<message name="AddResponse">
<part name="result" type="xsd:double" />
</message>

<portType name="TestServicePortType">
<operation name="Add">
<input message="tns:AddRequest" />
<output message="tns:AddResponse" />
</operation>
</portType>

<binding name="TestServiceBinding" type="tns:TestServicePortType">
<soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" />
<operation name="Add">
<soap:operation soapAction="Add" style="rpc" />
<input>
<soap:body use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" />
</input>
<output>
<soap:body use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" />
</output>
</operation>
</binding>

<service name="TestService">
<port name="TestServicePort" binding="tns:TestServiceBinding">
<soap:address location="http://linuxsrv.home/~dmitry/soap/soap_server.php" />
</port>
</service>

</definitions>
WSDL;

file_put_contents($wsdlFile, $wsdl);

$options = [];
$server = new SoapServer($wsdlFile, $options);

unlink($wsdlFile);

try {
Girgias marked this conversation as resolved.
Show resolved Hide resolved
$server->handle();
} catch (Throwable $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}
?>
--CLEAN--
<?php
$wsdlFile = __DIR__ . '/test_handle_non_existent_wsdl.wsdl';
@unlink($wsdlFile);
?>
--EXPECT--
Error: Invalid callback readfile, function "readfile" not found or invalid function name
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
--TEST--
Girgias marked this conversation as resolved.
Show resolved Hide resolved
SoapServer handle with WSDL that has disappeared and disabled and redefined readfile function
--EXTENSIONS--
soap
--GET--
WSDL
--INI--
disable_functions=readfile
--FILE--
<?php
$wsdlFile = __DIR__ . '/test_handle_non_existent_wsdl.wsdl';

$wsdl = <<<'WSDL'
<?xml version="1.0" ?>
<definitions
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/">

<types>
<xsd:schema targetNamespace="http://linuxsrv.home/~dmitry/soap/test.wsdl">
<xsd:import namespace="http://schemas.xmlsoap.org/soap/encoding/" />
<xsd:import namespace="http://schemas.xmlsoap.org/wsdl/" />
</xsd:schema>
</types>

<message name="AddRequest">
<part name="x" type="xsd:double" />
<part name="y" type="xsd:double" />
</message>
<message name="AddResponse">
<part name="result" type="xsd:double" />
</message>

<portType name="TestServicePortType">
<operation name="Add">
<input message="tns:AddRequest" />
<output message="tns:AddResponse" />
</operation>
</portType>

<binding name="TestServiceBinding" type="tns:TestServicePortType">
<soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" />
<operation name="Add">
<soap:operation soapAction="Add" style="rpc" />
<input>
<soap:body use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" />
</input>
<output>
<soap:body use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" />
</output>
</operation>
</binding>

<service name="TestService">
<port name="TestServicePort" binding="tns:TestServiceBinding">
<soap:address location="http://linuxsrv.home/~dmitry/soap/soap_server.php" />
</port>
</service>

</definitions>
WSDL;

function readfile(string $str) {
throw new Exception('BOO');
}

file_put_contents($wsdlFile, $wsdl);

$options = [];
$server = new SoapServer($wsdlFile, $options);

unlink($wsdlFile);

try {
$server->handle();
} catch (Throwable $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}
?>
--CLEAN--
<?php
$wsdlFile = __DIR__ . '/test_handle_non_existent_wsdl.wsdl';
@unlink($wsdlFile);
?>
--EXPECT--
Exception: BOO