1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
|
<?php
/**
* XML syntax and type checker.
*
* Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us
* more control over the expansion of XML entities. When passed to the
* callback, entities will be fully expanded, but may report the XML is
* invalid if expanding the entities are likely to cause a DoS.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
class XmlTypeCheck {
/**
* Will be set to true or false to indicate whether the file is
* well-formed XML. Note that this doesn't check schema validity.
*/
public $wellFormed = null;
/**
* Will be set to true if the optional element filter returned
* a match at some point.
*/
public $filterMatch = false;
/**
* Will contain the type of filter hit if the optional element filter returned
* a match at some point.
* @var mixed
*/
public $filterMatchType = false;
/**
* Name of the document's root element, including any namespace
* as an expanded URL.
*/
public $rootElement = '';
/**
* A stack of strings containing the data of each xml element as it's processed. Append
* data to the top string of the stack, then pop off the string and process it when the
* element is closed.
*/
protected $elementData = [];
/**
* A stack of element names and attributes, as we process them.
*/
protected $elementDataContext = [];
/**
* Current depth of the data stack.
*/
protected $stackDepth = 0;
/**
* Additional parsing options
*/
private $parserOptions = [
'processing_instruction_handler' => '',
'external_dtd_handler' => '',
'dtd_handler' => '',
'require_safe_dtd' => true
];
/**
* Allow filtering an XML file.
*
* Filters should return either true or a string to indicate something
* is wrong with the file. $this->filterMatch will store if the
* file failed validation (true = failed validation).
* $this->filterMatchType will contain the validation error.
* $this->wellFormed will contain whether the xml file is well-formed.
*
* @note If multiple filters are hit, only one of them will have the
* result stored in $this->filterMatchType.
*
* @param string $input a filename or string containing the XML element
* @param callable $filterCallback (optional)
* Function to call to do additional custom validity checks from the
* SAX element handler event. This gives you access to the element
* namespace, name, attributes, and text contents.
* Filter should return a truthy value describing the error.
* @param bool $isFile (optional) indicates if the first parameter is a
* filename (default, true) or if it is a string (false)
* @param array $options list of additional parsing options:
* processing_instruction_handler: Callback for xml_set_processing_instruction_handler
* external_dtd_handler: Callback for the url of external dtd subset
* dtd_handler: Callback given the full text of the <!DOCTYPE declaration.
* require_safe_dtd: Only allow non-recursive entities in internal dtd (default true)
*/
function __construct( $input, $filterCallback = null, $isFile = true, $options = [] ) {
$this->filterCallback = $filterCallback;
$this->parserOptions = array_merge( $this->parserOptions, $options );
$this->validateFromInput( $input, $isFile );
}
/**
* Alternative constructor: from filename
*
* @param string $fname the filename of an XML document
* @param callable $filterCallback (optional)
* Function to call to do additional custom validity checks from the
* SAX element handler event. This gives you access to the element
* namespace, name, and attributes, but not to text contents.
* Filter should return 'true' to toggle on $this->filterMatch
* @return XmlTypeCheck
*/
public static function newFromFilename( $fname, $filterCallback = null ) {
return new self( $fname, $filterCallback, true );
}
/**
* Alternative constructor: from string
*
* @param string $string a string containing an XML element
* @param callable $filterCallback (optional)
* Function to call to do additional custom validity checks from the
* SAX element handler event. This gives you access to the element
* namespace, name, and attributes, but not to text contents.
* Filter should return 'true' to toggle on $this->filterMatch
* @return XmlTypeCheck
*/
public static function newFromString( $string, $filterCallback = null ) {
return new self( $string, $filterCallback, false );
}
/**
* Get the root element. Simple accessor to $rootElement
*
* @return string
*/
public function getRootElement() {
return $this->rootElement;
}
/**
* @param string $fname the filename
*/
private function validateFromInput( $xml, $isFile ) {
$reader = new XMLReader();
if ( $isFile ) {
$s = $reader->open( $xml, null, LIBXML_NOERROR | LIBXML_NOWARNING );
} else {
$s = $reader->XML( $xml, null, LIBXML_NOERROR | LIBXML_NOWARNING );
}
if ( $s !== true ) {
// Couldn't open the XML
$this->wellFormed = false;
} else {
$oldDisable = libxml_disable_entity_loader( true );
$reader->setParserProperty( XMLReader::SUBST_ENTITIES, true );
try {
$this->validate( $reader );
} catch ( Exception $e ) {
// Calling this malformed, because we didn't parse the whole
// thing. Maybe just an external entity refernce.
$this->wellFormed = false;
$reader->close();
libxml_disable_entity_loader( $oldDisable );
throw $e;
}
$reader->close();
libxml_disable_entity_loader( $oldDisable );
}
}
private function readNext( XMLReader $reader ) {
set_error_handler( [ $this, 'XmlErrorHandler' ] );
$ret = $reader->read();
restore_error_handler();
return $ret;
}
public function XmlErrorHandler( $errno, $errstr ) {
$this->wellFormed = false;
}
private function validate( $reader ) {
// First, move through anything that isn't an element, and
// handle any processing instructions with the callback
do {
if ( !$this->readNext( $reader ) ) {
// Hit the end of the document before any elements
$this->wellFormed = false;
return;
}
if ( $reader->nodeType === XMLReader::PI ) {
$this->processingInstructionHandler( $reader->name, $reader->value );
}
if ( $reader->nodeType === XMLReader::DOC_TYPE ) {
$this->DTDHandler( $reader );
}
} while ( $reader->nodeType != XMLReader::ELEMENT );
// Process the rest of the document
do {
switch ( $reader->nodeType ) {
case XMLReader::ELEMENT:
$name = $this->expandNS(
$reader->name,
$reader->namespaceURI
);
if ( $this->rootElement === '' ) {
$this->rootElement = $name;
}
$empty = $reader->isEmptyElement;
$attrs = $this->getAttributesArray( $reader );
$this->elementOpen( $name, $attrs );
if ( $empty ) {
$this->elementClose();
}
break;
case XMLReader::END_ELEMENT:
$this->elementClose();
break;
case XMLReader::WHITESPACE:
case XMLReader::SIGNIFICANT_WHITESPACE:
case XMLReader::CDATA:
case XMLReader::TEXT:
$this->elementData( $reader->value );
break;
case XMLReader::ENTITY_REF:
// Unexpanded entity (maybe external?),
// don't send to the filter (xml_parse didn't)
break;
case XMLReader::COMMENT:
// Don't send to the filter (xml_parse didn't)
break;
case XMLReader::PI:
// Processing instructions can happen after the header too
$this->processingInstructionHandler(
$reader->name,
$reader->value
);
break;
case XMLReader::DOC_TYPE:
// We should never see a doctype after first
// element.
$this->wellFormed = false;
break;
default:
// One of DOC, ENTITY, END_ENTITY,
// NOTATION, or XML_DECLARATION
// xml_parse didn't send these to the filter, so we won't.
}
} while ( $this->readNext( $reader ) );
if ( $this->stackDepth !== 0 ) {
$this->wellFormed = false;
} elseif ( $this->wellFormed === null ) {
$this->wellFormed = true;
}
}
/**
* Get all of the attributes for an XMLReader's current node
* @param XMLReader $r
* @return array of attributes
*/
private function getAttributesArray( XMLReader $r ) {
$attrs = [];
while ( $r->moveToNextAttribute() ) {
if ( $r->namespaceURI === 'http://www.w3.org/2000/xmlns/' ) {
// XMLReader treats xmlns attributes as normal
// attributes, while xml_parse doesn't
continue;
}
$name = $this->expandNS( $r->name, $r->namespaceURI );
$attrs[$name] = $r->value;
}
return $attrs;
}
/**
* @param string $name element or attribute name, maybe with a full or short prefix
* @param string $namespaceURI
* @return string the name prefixed with namespaceURI
*/
private function expandNS( $name, $namespaceURI ) {
if ( $namespaceURI ) {
$parts = explode( ':', $name );
$localname = array_pop( $parts );
return "$namespaceURI:$localname";
}
return $name;
}
/**
* @param string $name
* @param string $attribs
*/
private function elementOpen( $name, $attribs ) {
$this->elementDataContext[] = [ $name, $attribs ];
$this->elementData[] = '';
$this->stackDepth++;
}
private function elementClose() {
list( $name, $attribs ) = array_pop( $this->elementDataContext );
$data = array_pop( $this->elementData );
$this->stackDepth--;
$callbackReturn = false;
if ( is_callable( $this->filterCallback ) ) {
$callbackReturn = call_user_func(
$this->filterCallback,
$name,
$attribs,
$data
);
}
if ( $callbackReturn ) {
// Filter hit!
$this->filterMatch = true;
$this->filterMatchType = $callbackReturn;
}
}
/**
* @param string $data
*/
private function elementData( $data ) {
// Collect any data here, and we'll run the callback in elementClose
$this->elementData[ $this->stackDepth - 1 ] .= trim( $data );
}
/**
* @param string $target
* @param string $data
*/
private function processingInstructionHandler( $target, $data ) {
$callbackReturn = false;
if ( $this->parserOptions['processing_instruction_handler'] ) {
$callbackReturn = call_user_func(
$this->parserOptions['processing_instruction_handler'],
$target,
$data
);
}
if ( $callbackReturn ) {
// Filter hit!
$this->filterMatch = true;
$this->filterMatchType = $callbackReturn;
}
}
/**
* Handle coming across a <!DOCTYPE declaration.
*
* @param XMLReader $reader Reader currently pointing at DOCTYPE node.
*/
private function DTDHandler( XMLReader $reader ) {
$externalCallback = $this->parserOptions['external_dtd_handler'];
$generalCallback = $this->parserOptions['dtd_handler'];
$checkIfSafe = $this->parserOptions['require_safe_dtd'];
if ( !$externalCallback && !$generalCallback && !$checkIfSafe ) {
return;
}
$dtd = $reader->readOuterXml();
$callbackReturn = false;
if ( $generalCallback ) {
$callbackReturn = call_user_func( $generalCallback, $dtd );
}
if ( $callbackReturn ) {
// Filter hit!
$this->filterMatch = true;
$this->filterMatchType = $callbackReturn;
$callbackReturn = false;
}
$parsedDTD = $this->parseDTD( $dtd );
if ( $externalCallback && isset( $parsedDTD['type'] ) ) {
$callbackReturn = call_user_func(
$externalCallback,
$parsedDTD['type'],
isset( $parsedDTD['publicid'] ) ? $parsedDTD['publicid'] : null,
isset( $parsedDTD['systemid'] ) ? $parsedDTD['systemid'] : null
);
}
if ( $callbackReturn ) {
// Filter hit!
$this->filterMatch = true;
$this->filterMatchType = $callbackReturn;
$callbackReturn = false;
}
if ( $checkIfSafe && isset( $parsedDTD['internal'] ) ) {
if ( !$this->checkDTDIsSafe( $parsedDTD['internal'] ) ) {
$this->wellFormed = false;
}
}
}
/**
* Check if the internal subset of the DTD is safe.
*
* We whitelist an extremely restricted subset of DTD features.
*
* Safe is defined as:
* * Only contains entity defintions (e.g. No <!ATLIST )
* * Entity definitions are not "system" entities
* * Entity definitions are not "parameter" (i.e. %) entities
* * Entity definitions do not reference other entites except &
* and quotes. Entity aliases (where the entity contains only
* another entity are allowed)
* * Entity references aren't overly long (>255 bytes).
* * <!ATTLIST svg xmlns:xlink CDATA #FIXED "http://www.w3.org/1999/xlink">
* allowed if matched exactly for compatibility with graphviz
* * Comments.
*
* @param string $internalSubset The internal subset of the DTD
* @return bool true if safe.
*/
private function checkDTDIsSafe( $internalSubset ) {
$offset = 0;
$res = preg_match(
'/^(?:\s*<!ENTITY\s+\S+\s+' .
'(?:"(?:&[^"%&;]{1,64};|(?:[^"%&]|&|"){0,255})"' .
'|\'(?:&[^"%&;]{1,64};|(?:[^\'%&]|&|'){0,255})\')\s*>' .
'|\s*<!--(?:[^-]|-[^-])*-->' .
'|\s*<!ATTLIST svg xmlns:xlink CDATA #FIXED ' .
'"http:\/\/www.w3.org\/1999\/xlink">)*\s*$/',
$internalSubset
);
return (bool)$res;
}
/**
* Parse DTD into parts.
*
* If there is an error parsing the dtd, sets wellFormed to false.
*
* @param string $dtd
* @return array Possibly containing keys publicid, systemid, type and internal.
*/
private function parseDTD( $dtd ) {
$m = [];
$res = preg_match(
'/^<!DOCTYPE\s*\S+\s*' .
'(?:(?P<typepublic>PUBLIC)\s*' .
'(?:"(?P<pubquote>[^"]*)"|\'(?P<pubapos>[^\']*)\')' . // public identifer
'\s*"(?P<pubsysquote>[^"]*)"|\'(?P<pubsysapos>[^\']*)\'' . // system identifier
'|(?P<typesystem>SYSTEM)\s*' .
'(?:"(?P<sysquote>[^"]*)"|\'(?P<sysapos>[^\']*)\')' .
')?\s*' .
'(?:\[\s*(?P<internal>.*)\])?\s*>$/s',
$dtd,
$m
);
if ( !$res ) {
$this->wellFormed = false;
return [];
}
$parsed = [];
foreach ( $m as $field => $value ) {
if ( $value === '' || is_numeric( $field ) ) {
continue;
}
switch ( $field ) {
case 'typepublic':
case 'typesystem':
$parsed['type'] = $value;
break;
case 'pubquote':
case 'pubapos':
$parsed['publicid'] = $value;
break;
case 'pubsysquote':
case 'pubsysapos':
case 'sysquote':
case 'sysapos':
$parsed['systemid'] = $value;
break;
case 'internal':
$parsed['internal'] = $value;
break;
}
}
return $parsed;
}
}
|
