From beeef2e82245ff9ff2fcc73a7fb8c55f7eee45f5 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 11 Aug 2009 23:23:46 +0000 Subject: [PATCH] Add an install/update-time test for the PHP+libxml2 horrible XML input corruption bug. Now need to find a known-bad system to confirm the test on :D --- install-utils.inc | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/install-utils.inc b/install-utils.inc index 473cdf56a7..d8f73ceb04 100644 --- a/install-utils.inc +++ b/install-utils.inc @@ -33,6 +33,16 @@ function install_version_checks() { "or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n"; die( -1 ); } + + $test = new PhpXmlBugTester(); + if( !$test->ok ) { + echo "Your system has a combination of PHP and libxml2 versions which is buggy\n" . + "and can cause hidden data corruption in MediaWiki and other web apps.\n" . + "Upgrade to PHP 5.2.9 or later and libxml2 2.7.2 or later!\n" . + "ABORTING (http://bugs.php.net/bug.php?id=45996 for details).\n"; + die( -1 ); + } + global $wgCommandLineMode; $wgCommandLineMode = true; @@ -40,6 +50,28 @@ function install_version_checks() { @set_time_limit( 0 ); } +/** + * Test for PHP+libxml2 bug which breaks XML input subtly with certain versions. + * http://bugs.php.net/bug.php?id=45996 + * Known fixed with PHP 5.2.9 + libxml2-2.7.3 + */ +class PhpXmlBugTester { + var $parsedData = ''; + var $ok = false; + function __construct() { + $charData = 'c'; + $xml = '' . htmlspecialchars( $charData ) . ''; + + $parser = xml_parser_create(); + xml_set_character_data_handler( $parser, array( $this, 'chardata' ) ); + $parsedOk = xml_parse($parser, $xml, true); + $this->ok = $parsedOk && ($this->parsedData == $charData); + } + function chardata($parser, $data) { + $this->parsedData .= $data; + } +} + function readconsole( $prompt = '' ) { static $isatty = null; if ( is_null( $isatty ) ) { -- 2.20.1