3 namespace PhpXmlRpc\Helper;
5 use PhpXmlRpc\PhpXmlRpc;
9 * Deals with parsing the XML.
13 // used to store state during parsing
14 // quick explanation of components:
15 // ac - used to accumulate values
16 // stack - array with genealogy of xml elements names:
17 // used to validate nesting of xmlrpc elements
18 // valuestack - array used for parsing arrays and structs
19 // lv - used to indicate "looking for a value": implements
20 // the logic to allow values with no types to be strings
21 // isf - used to indicate a parsing fault (2) or xmlrpc response fault (1)
22 // isf_reason - used for storing xmlrpc response fault string
23 // method - used to store method name
24 // params - used to store parameters in method calls
25 // pt - used to store the type of each received parameter. Useful if parameters are automatically decoded to php values
26 // rt - 'methodcall' or 'methodresponse'
30 'valuestack' => array(),
33 'method' => false, // so we can check later if we got a methodname or not
// Maps each recognised element name to the parent element names it may be nested under.
// xmlrpc_se() consults this table and records a parsing fault (isf = 2) when an element
// name is absent from it or the current parent is not in the element's list.
// NOTE(review): all names are upper-case; presumably the XML parser is created with case
// folding enabled so element names arrive upper-cased - confirm where the parser is set up.
39 public $xmlrpc_valid_parents = array(
40 'VALUE' => array('MEMBER', 'DATA', 'PARAM', 'FAULT'),
41 'BOOLEAN' => array('VALUE'),
42 'I4' => array('VALUE'),
43 'INT' => array('VALUE'),
44 'STRING' => array('VALUE'),
45 'DOUBLE' => array('VALUE'),
46 'DATETIME.ISO8601' => array('VALUE'),
47 'BASE64' => array('VALUE'),
48 'MEMBER' => array('STRUCT'),
49 'NAME' => array('MEMBER'),
50 'DATA' => array('ARRAY'),
51 'ARRAY' => array('VALUE'),
52 'STRUCT' => array('VALUE'),
53 'PARAM' => array('PARAMS'),
54 'METHODNAME' => array('METHODCALL'),
55 'PARAMS' => array('METHODCALL', 'METHODRESPONSE'),
56 'FAULT' => array('METHODRESPONSE'),
57 'NIL' => array('VALUE'), // only used when extension activated
58 'EX:NIL' => array('VALUE'), // only used when extension activated
62 * xml parser handler function for opening element tags.
64 public function xmlrpc_se($parser, $name, $attrs, $acceptSingleVals = false)
// Start-element callback: checks that $name is allowed at this nesting level, resets the
// per-value state kept in $this->_xh, then pushes $name onto _xh['stack'].
// $name and $attrs are taken from the document being parsed, so they are untrusted
// whenever the XML comes from a remote peer.
// $acceptSingleVals is passed as true by xmlrpc_se_any().
// On a violation it sets _xh['isf'] = 2 and _xh['isf_reason']; this handler and the other
// handlers in this class skip their work once isf >= 2.
66 // if invalid xmlrpc already detected, skip all processing
67 if ($this->_xh['isf'] < 2) {
68 // check for correct element nesting
69 // top level element can only be of 2 types
70 /// @todo optimization creep: save this check into a bool variable, instead of using count() every time:
71 /// there is only a single top level element in xml anyway
72 if (count($this->_xh['stack']) == 0) {
// NOTE(review): the parenthesised term ($name != 'VALUE' && !$acceptSingleVals) is false
// for VALUE regardless of the flag, and false for every name when $acceptSingleVals is
// true. So this check never rejects a top-level VALUE, and with $acceptSingleVals = true
// it rejects no top-level name at all. If the intent is "VALUE is acceptable only when
// $acceptSingleVals is set", the term would be ($name != 'VALUE' || !$acceptSingleVals)
// - confirm against the callers before changing.
73 if ($name != 'METHODRESPONSE' && $name != 'METHODCALL' && (
74 $name != 'VALUE' && !$acceptSingleVals)
76 $this->_xh['isf'] = 2;
77 $this->_xh['isf_reason'] = 'missing top level xmlrpc element';
81 $this->_xh['rt'] = strtolower($name);
84 // not top level element: see if parent is OK
85 $parent = end($this->_xh['stack']);
86 if (!array_key_exists($name, $this->xmlrpc_valid_parents) || !in_array($parent, $this->xmlrpc_valid_parents[$name])) {
87 $this->_xh['isf'] = 2;
// NOTE(review): $name is document-supplied and is interpolated into the reason string
// as-is (here and in the "found not-xmlrpc xml element" message further down); whatever
// logs or returns isf_reason should encode it for that output.
88 $this->_xh['isf_reason'] = "xmlrpc element $name cannot be child of $parent";
95 // optimize for speed switch cases: most common cases first
97 /// @todo we could check for 2 VALUE elements inside a MEMBER or PARAM element
98 $this->_xh['vt'] = 'value'; // indicator: no value found yet
99 $this->_xh['ac'] = '';
100 $this->_xh['lv'] = 1;
101 $this->_xh['php_class'] = null;
108 case 'DATETIME.ISO8601':
110 if ($this->_xh['vt'] != 'value') {
111 //two data elements inside a value: an error occurred!
112 $this->_xh['isf'] = 2;
113 $this->_xh['isf_reason'] = "$name element following a {$this->_xh['vt']} element inside a single value";
117 $this->_xh['ac'] = ''; // reset the accumulator
121 if ($this->_xh['vt'] != 'value') {
122 //two data elements inside a value: an error occurred!
123 $this->_xh['isf'] = 2;
124 $this->_xh['isf_reason'] = "$name element following a {$this->_xh['vt']} element inside a single value";
128 // create an empty array to hold child values, and push it onto appropriate stack
130 $curVal['values'] = array();
131 $curVal['type'] = $name;
132 // check for out-of-band information to rebuild php objs
133 // and in case it is found, save it
// NOTE(review): PHP_CLASS is an attribute of the received element, i.e. it is chosen by
// whoever produced the XML. It is stored here without any validation; code that later
// uses php_class to rebuild objects should only accept names from an explicit allow-list.
134 if (@isset($attrs['PHP_CLASS'])) {
135 $curVal['php_class'] = $attrs['PHP_CLASS'];
137 $this->_xh['valuestack'][] = $curVal;
138 $this->_xh['vt'] = 'data'; // be prepared for a data element next
141 if ($this->_xh['vt'] != 'data') {
142 //two data elements inside a value: an error occurred!
143 $this->_xh['isf'] = 2;
144 $this->_xh['isf_reason'] = "found two data elements inside an array element";
149 case 'METHODRESPONSE':
151 // valid elements that add little to processing
155 /// @todo we could check for 2 NAME elements inside a MEMBER element
156 $this->_xh['ac'] = '';
159 $this->_xh['isf'] = 1;
162 $this->_xh['valuestack'][count($this->_xh['valuestack']) - 1]['name'] = ''; // set member name to null, in case we do not find in the xml later on
163 //$this->_xh['ac']='';
164 // Drop through intentionally
166 // clear value type, so we can check later if no value has been passed for this param/member
167 $this->_xh['vt'] = null;
171 if (PhpXmlRpc::$xmlrpc_null_extension) {
172 if ($this->_xh['vt'] != 'value') {
173 //two data elements inside a value: an error occurred!
174 $this->_xh['isf'] = 2;
175 $this->_xh['isf_reason'] = "$name element following a {$this->_xh['vt']} element inside a single value";
179 $this->_xh['ac'] = ''; // reset the accumulator
182 // we do not support the <NIL/> extension, so
183 // drop through intentionally
185 /// INVALID ELEMENT: RAISE ISF so that it is later recognized!!!
186 $this->_xh['isf'] = 2;
187 $this->_xh['isf_reason'] = "found not-xmlrpc xml element $name";
191 // Save current element name to stack, to validate nesting
192 $this->_xh['stack'][] = $name;
194 /// @todo optimization creep: move this inside the big switch() above
195 if ($name != 'VALUE') {
196 $this->_xh['lv'] = 0;
202 * Used in decoding xml chunks that might represent single xmlrpc values.
204 public function xmlrpc_se_any($parser, $name, $attrs)
// Start-element callback variant: delegates to xmlrpc_se() with $acceptSingleVals = true.
206 $this->xmlrpc_se($parser, $name, $attrs, true);
210 * xml parser handler function for close element tags.
212 public function xmlrpc_ee($parser, $name, $rebuildXmlrpcvals = true)
// End-element callback: turns the text accumulated in _xh['ac'] into the current value
// (wrapped in a Value object when $rebuildXmlrpcvals is true) and files it into the
// enclosing array, struct or parameter list.
// Everything read from _xh['ac'] is document content and must be treated as untrusted
// when the XML comes from a remote peer.
// $rebuildXmlrpcvals is passed as false by xmlrpc_ee_fast().
214 if ($this->_xh['isf'] < 2) {
215 // pop this element name from the stack
216 // NB: if XML validates, correct opening/closing is guaranteed and
217 // we do not have to check for $name == $currElem.
218 // we also checked for proper nesting at start of elements...
219 $currElem = array_pop($this->_xh['stack']);
223 // This if() detects if no scalar was inside <VALUE></VALUE>
224 if ($this->_xh['vt'] == 'value') {
225 $this->_xh['value'] = $this->_xh['ac'];
226 $this->_xh['vt'] = Value::$xmlrpcString;
229 if ($rebuildXmlrpcvals) {
230 // build the xmlrpc val out of the data received, and substitute it
231 $temp = new Value($this->_xh['value'], $this->_xh['vt']);
232 // in case we got info about underlying php class, save it
233 // in the object we're rebuilding
// NOTE(review): php_class originates from the PHP_CLASS attribute stored by xmlrpc_se(),
// so the class name copied onto the Value below is document-supplied.
234 if (isset($this->_xh['php_class'])) {
235 $temp->_php_class = $this->_xh['php_class'];
237 // check if we are inside an array or struct:
238 // if value just built is inside an array, let's move it into array on the stack
239 $vscount = count($this->_xh['valuestack']);
240 if ($vscount && $this->_xh['valuestack'][$vscount - 1]['type'] == 'ARRAY') {
241 $this->_xh['valuestack'][$vscount - 1]['values'][] = $temp;
243 $this->_xh['value'] = $temp;
246 /// @todo this needs to treat correctly php-serialized objects,
247 /// since std deserializing is done by php_xmlrpc_decode,
248 /// which we will not be calling...
249 if (isset($this->_xh['php_class'])) {
252 // check if we are inside an array or struct:
253 // if value just built is inside an array, let's move it into array on the stack
254 $vscount = count($this->_xh['valuestack']);
255 if ($vscount && $this->_xh['valuestack'][$vscount - 1]['type'] == 'ARRAY') {
256 $this->_xh['valuestack'][$vscount - 1]['values'][] = $this->_xh['value'];
265 case 'DATETIME.ISO8601':
267 $this->_xh['vt'] = strtolower($name);
268 /// @todo: optimization creep - remove the if/elseif cycle below
269 /// since the case() in which we are already did that
270 if ($name == 'STRING') {
271 $this->_xh['value'] = $this->_xh['ac'];
272 } elseif ($name == 'DATETIME.ISO8601') {
// NOTE(review): a value that fails this pattern appears to be logged only - the two
// assignments after the error_log() call still store it as a dateTime (the line between
// them is not visible here; confirm). `$` without the D modifier also matches just
// before a trailing "\n".
273 if (!preg_match('/^[0-9]{8}T[0-9]{2}:[0-9]{2}:[0-9]{2}$/', $this->_xh['ac'])) {
// NOTE(review): this and the other error_log() calls in this method append the raw
// received text, which may contain line breaks or control characters; treat these log
// entries as untrusted, or escape/truncate the value before logging.
274 error_log('XML-RPC: ' . __METHOD__ . ': invalid value received in DATETIME: ' . $this->_xh['ac']);
276 $this->_xh['vt'] = Value::$xmlrpcDateTime;
277 $this->_xh['value'] = $this->_xh['ac'];
278 } elseif ($name == 'BASE64') {
279 /// @todo check for failure of base64 decoding / catch warnings
// NOTE(review): base64_decode() is called without its strict flag, so characters outside
// the base64 alphabet are silently skipped instead of causing a failure.
280 $this->_xh['value'] = base64_decode($this->_xh['ac']);
281 } elseif ($name == 'BOOLEAN') {
282 // special case here: we translate boolean 1 or 0 into PHP
283 // constants true or false.
284 // Strings 'true' and 'false' are accepted, even though the
285 // spec never mentions them (see eg. Blogger api docs)
286 // NB: this simple checks helps a lot sanitizing input, ie no
287 // security problems around here
// NOTE(review): == and != on two numeric strings compare numerically, so e.g. '1.0' or
// '01' also count as true and '0.0' counts as false without being logged. The stored
// value is still always a PHP boolean.
288 if ($this->_xh['ac'] == '1' || strcasecmp($this->_xh['ac'], 'true') == 0) {
289 $this->_xh['value'] = true;
291 // log if receiving something strange, even though we set the value to false anyway
292 if ($this->_xh['ac'] != '0' && strcasecmp($this->_xh['ac'], 'false') != 0) {
293 error_log('XML-RPC: ' . __METHOD__ . ': invalid value received in BOOLEAN: ' . $this->_xh['ac']);
295 $this->_xh['value'] = false;
297 } elseif ($name == 'DOUBLE') {
299 // we must check that only 0123456789-.<space> are characters here
300 // NOTE: regexp could be much stricter than this...
// NOTE(review): inside the character class `+-e` is a range from '+' to 'e'. Besides the
// intended characters it admits , / : ; < = > ? @ A-Z [ \ ] ^ _ ` and a-d, so this filter
// accepts far more than the comment above describes and the (double) cast alone decides
// the stored number. Listing '-' first or escaping it (e.g. [-+eE0-9 \t.]) would give the
// intended set.
301 if (!preg_match('/^[+-eE0123456789 \t.]+$/', $this->_xh['ac'])) {
302 /// @todo: find a better way of throwing an error than this!
303 error_log('XML-RPC: ' . __METHOD__ . ': non numeric value received in DOUBLE: ' . $this->_xh['ac']);
// NOTE(review): on rejection the value becomes this sentinel string while vt stays
// 'double' (same pattern for INT below); isf is not raised in the visible lines, so
// callers expecting a number receive a string - they need to check for it.
304 $this->_xh['value'] = 'ERROR_NON_NUMERIC_FOUND';
306 // it's ok, add it on
307 $this->_xh['value'] = (double)$this->_xh['ac'];
311 // we must check that only 0123456789-<space> are characters here
// NOTE(review): spaces and tabs are accepted anywhere in the digit run and there is no
// range check before the (int) cast; `$` also matches before a trailing "\n".
312 if (!preg_match('/^[+-]?[0123456789 \t]+$/', $this->_xh['ac'])) {
313 /// @todo find a better way of throwing an error than this!
314 error_log('XML-RPC: ' . __METHOD__ . ': non numeric value received in INT: ' . $this->_xh['ac']);
315 $this->_xh['value'] = 'ERROR_NON_NUMERIC_FOUND';
317 // it's ok, add it on
318 $this->_xh['value'] = (int)$this->_xh['ac'];
321 //$this->_xh['ac']=''; // is this necessary?
322 $this->_xh['lv'] = 3; // indicate we've found a value
// The struct member name is taken verbatim from the accumulated character data.
325 $this->_xh['valuestack'][count($this->_xh['valuestack']) - 1]['name'] = $this->_xh['ac'];
328 //$this->_xh['ac']=''; // is this necessary?
329 // add to array in the stack the last element built,
330 // unless no VALUE was found
331 if ($this->_xh['vt']) {
332 $vscount = count($this->_xh['valuestack']);
// NOTE(review): the member name is used directly as the array key, so a repeated name
// in the same struct silently overwrites the earlier member.
333 $this->_xh['valuestack'][$vscount - 1]['values'][$this->_xh['valuestack'][$vscount - 1]['name']] = $this->_xh['value'];
335 error_log('XML-RPC: ' . __METHOD__ . ': missing VALUE inside STRUCT in received xml');
339 //$this->_xh['ac']=''; // is this necessary?
340 $this->_xh['vt'] = null; // reset this to check for 2 data elements in a row - even if they're empty
344 // fetch out of stack array of values, and promote it to current value
345 $currVal = array_pop($this->_xh['valuestack']);
346 $this->_xh['value'] = $currVal['values'];
347 $this->_xh['vt'] = strtolower($name);
348 if (isset($currVal['php_class'])) {
349 $this->_xh['php_class'] = $currVal['php_class'];
353 // add to array of params the current value,
354 // unless no VALUE was found
355 if ($this->_xh['vt']) {
356 $this->_xh['params'][] = $this->_xh['value'];
357 $this->_xh['pt'][] = $this->_xh['vt'];
359 error_log('XML-RPC: ' . __METHOD__ . ': missing VALUE inside PARAM in received xml');
// Only leading whitespace is stripped; the method name is otherwise stored as received,
// so whatever dispatches on _xh['method'] must treat it as untrusted.
363 $this->_xh['method'] = preg_replace('/^[\n\r\t ]+/', '', $this->_xh['ac']);
367 if (PhpXmlRpc::$xmlrpc_null_extension) {
368 $this->_xh['vt'] = 'null';
369 $this->_xh['value'] = null;
370 $this->_xh['lv'] = 3;
373 // drop through intentionally if nil extension not enabled
// NOTE(review): 'METHORESPONSE' looks like a misspelling of 'METHODRESPONSE' (spelled
// with the D in $xmlrpc_valid_parents and in xmlrpc_se()). As written, a closing
// METHODRESPONSE tag would not match this label; the branch bodies are not visible
// here, so confirm whether that changes behaviour.
377 case 'METHORESPONSE':
380 // End of INVALID ELEMENT!
381 // shall we add an assert here for unreachable code???
388 * Used in decoding xmlrpc requests/responses without rebuilding xmlrpc Values.
390 public function xmlrpc_ee_fast($parser, $name)
// End-element callback variant: delegates to xmlrpc_ee() with $rebuildXmlrpcvals = false.
392 $this->xmlrpc_ee($parser, $name, false);
396 * xml parser handler function for character data.
398 public function xmlrpc_cd($parser, $data)
// Character-data callback: appends $data to the accumulator _xh['ac'] unless a parsing
// fault has been recorded (isf >= 2) or a complete value was already found (lv == 3).
// NOTE(review): no length limit is applied to the accumulator in the visible lines; any
// cap on payload size has to be enforced before the document is handed to the parser.
400 // skip processing if xml fault already detected
401 if ($this->_xh['isf'] < 2) {
402 // "lookforvalue==3" means that we've found an entire value
403 // and should discard any further character data
404 if ($this->_xh['lv'] != 3) {
405 // G. Giunta 2006-08-23: useless change of 'lv' from 1 to 2
406 //if($this->_xh['lv']==1)
408 // if we've found text and we're just in a <value> then
409 // say we've found a value
410 //$this->_xh['lv']=2;
412 // we always initialize the accumulator before starting parsing, anyway...
413 //if(!@isset($this->_xh['ac']))
415 // $this->_xh['ac'] = '';
417 $this->_xh['ac'] .= $data;
423 * xml parser handler function for 'other stuff', ie. not char data or
424 * element start/end tag. In fact it only gets called on unknown entities...
426 public function xmlrpc_dh($parser, $data)
// Default-handler callback: when $data starts with '&' and ends with ';' (the shape of an
// entity reference) it is appended to the accumulator _xh['ac'] unchanged, i.e. the
// reference text itself is kept rather than an expansion (as far as the visible lines show).
428 // skip processing if xml fault already detected
429 if ($this->_xh['isf'] < 2) {
430 if (substr($data, 0, 1) == '&' && substr($data, -1, 1) == ';') {
431 // G. Giunta 2006-08-25: useless change of 'lv' from 1 to 2
432 //if($this->_xh['lv']==1)
434 // $this->_xh['lv']=2;
436 $this->_xh['ac'] .= $data;
444 * xml charset encoding guessing helper function.
445 * Tries to determine the charset encoding of an XML chunk received over HTTP.
446 * NB: according to the spec (RFC 3023), if text/xml content-type is received over HTTP without a content-type,
447 * we SHOULD assume it is strictly US-ASCII. But we try to be more tolerant of non conforming (legacy?) clients/servers,
448 * which will be most probably using UTF-8 anyway...
450 * @param string $httpHeader the http Content-type header
451 * @param string $xmlChunk xml content buffer
452 * @param string $encodingPrefs comma separated list of character encodings to be used as default (when mb extension is enabled)
455 * @todo explore usage of mb_http_input(): does it detect http headers + post data? if so, use it instead of hand-detection!!!
457 public static function guessEncoding($httpHeader = '', $xmlChunk = '', $encodingPrefs = null)
// Tries four sources in order: a charset parameter in $httpHeader, a byte-order mark at
// the start of $xmlChunk, the encoding pseudo-attribute of the XML declaration, and
// mb_detect_encoding() when mbstring is loaded. Falls back to
// PhpXmlRpc::$xmlrpc_defencoding when none of them yields a result.
// Both $httpHeader and $xmlChunk are supplied by the remote peer.
459 // discussion: see http://www.yale.edu/pclt/encoding/
460 // 1 - test if encoding is specified in HTTP HEADERS
463 // LWS: (\13\10)?( |\t)+
464 // token: (any char but excluded stuff)+
465 // quoted string: " (any char but double quotes and control chars)* "
466 // header: Content-type = ...; charset=value(; ...)*
467 // where value is of type token, no LWS allowed between 'charset' and value
468 // Note: we do not check for invalid chars in VALUE:
469 // this had better be done using pure ereg as below
470 // Note 2: we might be removing whitespace/tabs that ought to be left in if
471 // the received charset is a quoted string. But nobody uses such charset names...
473 /// @todo this test will pass if ANY header has charset specification, not only Content-Type. Fix it?
// NOTE(review): the value returned from this branch is whatever the peer sent, upper-cased
// and trimmed of spaces, tabs and double quotes. [^;]+ also matches line breaks, so if
// $httpHeader holds several header lines the capture can run past the charset value.
// Nothing here checks the result against a list of known encodings; callers should do so
// before passing it to parser or conversion functions.
475 if (preg_match('/;\s*charset\s*=([^;]+)/i', $httpHeader, $matches)) {
476 return strtoupper(trim($matches[1], " \t\""));
479 // 2 - scan the first bytes of the data for a UTF-16 (or other) BOM pattern
480 // (source: http://www.w3.org/TR/2000/REC-xml-20001006)
481 // NOTE: actually, according to the spec, even if we find the BOM and determine
482 // an encoding, we should check if there is an encoding specified
483 // in the xml declaration, and verify if they match.
484 /// @todo implement check as described above?
485 /// @todo implement check for first bytes of string even without a BOM? (It sure looks harder than for cases WITH a BOM)
486 if (preg_match('/^(\x00\x00\xFE\xFF|\xFF\xFE\x00\x00|\x00\x00\xFF\xFE|\xFE\xFF\x00\x00)/', $xmlChunk)) {
488 } elseif (preg_match('/^(\xFE\xFF|\xFF\xFE)/', $xmlChunk)) {
490 } elseif (preg_match('/^(\xEF\xBB\xBF)/', $xmlChunk)) {
494 // 3 - test if encoding is specified in the xml declaration
496 // SPACE: (#x20 | #x9 | #xD | #xA)+ === [ \x9\xD\xA]+
497 // EQ: SPACE?=SPACE? === [ \x9\xD\xA]*=[ \x9\xD\xA]*
// Unlike the header branch, the name captured here is constrained by the pattern to
// [A-Za-z][A-Za-z0-9._-]*; substr() below strips the surrounding quotes.
498 if (preg_match('/^<\?xml\s+version\s*=\s*' . "((?:\"[a-zA-Z0-9_.:-]+\")|(?:'[a-zA-Z0-9_.:-]+'))" .
499 '\s+encoding\s*=\s*' . "((?:\"[A-Za-z][A-Za-z0-9._-]*\")|(?:'[A-Za-z][A-Za-z0-9._-]*'))/",
500 $xmlChunk, $matches)) {
501 return strtoupper(substr($matches[2], 1, -1));
504 // 4 - if mbstring is available, let it do the guesswork
505 // NB: we favour finding an encoding that is compatible with what we can process
506 if (extension_loaded('mbstring')) {
507 if ($encodingPrefs) {
508 $enc = mb_detect_encoding($xmlChunk, $encodingPrefs);
510 $enc = mb_detect_encoding($xmlChunk);
512 // NB: mb_detect likes to call it ascii, xml parser likes to call it US_ASCII...
513 // IANA also likes better US-ASCII, so go with it
514 if ($enc == 'ASCII') {
520 // no encoding specified: as per HTTP1.1 assume it is iso-8859-1?
521 // Both RFC 2616 (HTTP 1.1) and 1945 (HTTP 1.0) clearly state that for text/xxx content types
522 // this should be the standard. And we should be getting text/xml as request and response.
523 // BUT we have to be backward compatible with the lib, which always used UTF-8 as default...
524 return PhpXmlRpc::$xmlrpc_defencoding;
529 * Helper function: checks if an xml chunk has a charset declaration (BOM or in the xml declaration)
531 * @param string $xmlChunk
534 public static function hasEncoding($xmlChunk)
536 // scan the first bytes of the data for a UTF-16 (or other) BOM pattern
537 // (source: http://www.w3.org/TR/2000/REC-xml-20001006)
538 if (preg_match('/^(\x00\x00\xFE\xFF|\xFF\xFE\x00\x00|\x00\x00\xFF\xFE|\xFE\xFF\x00\x00)/', $xmlChunk)) {
540 } elseif (preg_match('/^(\xFE\xFF|\xFF\xFE)/', $xmlChunk)) {
542 } elseif (preg_match('/^(\xEF\xBB\xBF)/', $xmlChunk)) {
546 // test if encoding is specified in the xml declaration
548 // SPACE: (#x20 | #x9 | #xD | #xA)+ === [ \x9\xD\xA]+
549 // EQ: SPACE?=SPACE? === [ \x9\xD\xA]*=[ \x9\xD\xA]*
550 if (preg_match('/^<\?xml\s+version\s*=\s*' . "((?:\"[a-zA-Z0-9_.:-]+\")|(?:'[a-zA-Z0-9_.:-]+'))" .
551 '\s+encoding\s*=\s*' . "((?:\"[A-Za-z][A-Za-z0-9._-]*\")|(?:'[A-Za-z][A-Za-z0-9._-]*'))/",
552 $xmlChunk, $matches)) {