Fixed bug #42214 (SoapServer sends clients internal PHP errors)

2026-03-26 01:02:25 +01:00 · 2007-09-05 11:20:45 +00:00
parent ee944bd1b5
commit e56466edc8
4 changed files with 66 additions and 22 deletions
--- a/1
+++ b/1
@@ -26,6 +26,7 @@ PHP                                                                        NEWS
  breaks). (Dmitry)
 - Fixed bug #42359 (xsd:list type not parsed). (Dmitry)
 - Fixed bug #42326 (SoapServer crash). (Dmitry)
+- Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)
 - Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic
  compliant wsdl). (Dmitry)

--- a/ext/soap/php_soap.h
+++ b/ext/soap/php_soap.h
@@ -106,6 +106,7 @@ struct _soapService {
 	HashTable *class_map;
 	int        features;
 	struct _soapHeader **soap_headers_ptr;
+	int send_errors;
 };

 #define SOAP_CLASS 1
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -1035,6 +1035,7 @@ PHP_METHOD(SoapServer, SoapServer)

 	service = emalloc(sizeof(soapService));
 	memset(service, 0, sizeof(soapService));
+	service->send_errors = 1;

 	cache_wsdl = SOAP_GLOBAL(cache);

@@ -1099,6 +1100,11 @@ PHP_METHOD(SoapServer, SoapServer)
 			cache_wsdl = Z_LVAL_PP(tmp);
 		}

+		if (zend_hash_find(ht, "send_errors", sizeof("send_errors"), (void**)&tmp) == SUCCESS &&
+		    (Z_TYPE_PP(tmp) == IS_BOOL || Z_TYPE_PP(tmp) == IS_LONG)) {
+			service->send_errors = Z_LVAL_PP(tmp);
+		}
+
 	} else if (wsdl == NULL) {
 		php_error_docref(NULL TSRMLS_CC, E_ERROR, "Invalid arguments. 'uri' option is required in nonWSDL mode.");
 	}
@@ -2129,34 +2135,46 @@ static void soap_error_handler(int error_num, const char *error_filename, const

 			char* code = SOAP_GLOBAL(error_code);
 			char buffer[1024];
-			int buffer_len;
 			zval *outbuf = NULL;
-			zval outbuflen;
-
-			INIT_ZVAL(outbuflen);
-
-#ifdef va_copy
-			va_copy(argcopy, args);
-			buffer_len = vslprintf(buffer, sizeof(buffer)-1, format, argcopy);
-			va_end(argcopy);
-#else
-			buffer_len = vslprintf(buffer, sizeof(buffer)-1, format, args);
-#endif
-			buffer[sizeof(buffer)-1]=0;
-			if (buffer_len > sizeof(buffer) - 1 || buffer_len < 0) {
-				buffer_len = sizeof(buffer) - 1;
-			}
+			zval **tmp;
+			soapServicePtr service;

 			if (code == NULL) {
 				code = "Server";
 			}
-			/* Get output buffer and send as fault detials */
-			if (php_ob_get_length(&outbuflen TSRMLS_CC) != FAILURE && Z_LVAL(outbuflen) != 0) {
-				ALLOC_INIT_ZVAL(outbuf);
-		    php_ob_get_buffer(outbuf TSRMLS_CC);
-			}
-			php_end_ob_buffer(0, 0 TSRMLS_CC);
+			if (SOAP_GLOBAL(error_object) &&
+			    Z_TYPE_P(SOAP_GLOBAL(error_object)) == IS_OBJECT &&
+			    instanceof_function(Z_OBJCE_P(SOAP_GLOBAL(error_object)), soap_server_class_entry TSRMLS_CC) &&
+		        zend_hash_find(Z_OBJPROP_P(SOAP_GLOBAL(error_object)), "service", sizeof("service"), (void **)&tmp) != FAILURE &&
+				(service = (soapServicePtr)zend_fetch_resource(tmp TSRMLS_CC, -1, "service", NULL, 1, le_service)) &&
+				!service->send_errors) {
+				strcpy(buffer, "Internal Error");
+			} else {
+				int buffer_len;
+				zval outbuflen;

+				INIT_ZVAL(outbuflen);
+
+#ifdef va_copy
+				va_copy(argcopy, args);
+				buffer_len = vslprintf(buffer, sizeof(buffer)-1, format, argcopy);
+				va_end(argcopy);
+#else
+				buffer_len = vslprintf(buffer, sizeof(buffer)-1, format, args);
+#endif
+				buffer[sizeof(buffer)-1]=0;
+				if (buffer_len > sizeof(buffer) - 1 || buffer_len < 0) {
+					buffer_len = sizeof(buffer) - 1;
+				}
+
+				/* Get output buffer and send as fault detials */
+				if (php_ob_get_length(&outbuflen TSRMLS_CC) != FAILURE && Z_LVAL(outbuflen) != 0) {
+					ALLOC_INIT_ZVAL(outbuf);
+					php_ob_get_buffer(outbuf TSRMLS_CC);
+				}
+				php_end_ob_buffer(0, 0 TSRMLS_CC);
+
+			}
 			INIT_ZVAL(fault_obj);
 			set_soap_fault(&fault_obj, NULL, code, buffer, NULL, outbuf, NULL TSRMLS_CC);
 			fault = 1;
--- a/ext/soap/tests/bugs/bug42214.phpt
+++ b/ext/soap/tests/bugs/bug42214.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #42214 SoapServer sends clients internal PHP errors
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+$request = <<<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://localhost/server.php" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:test/></SOAP-ENV:Body></SOAP-ENV:Envelope>
+EOF;
+
+function test() {
+	$a = $b;
+	obvious_error(); // will cause an error
+}
+
+$server = new SoapServer(NULL, array('uri' =>'http://localhost/server.php',
+	'send_errors'=>0));
+$server->addFunction('test');
+$server->handle($request);
+?>
+--EXPECT--
+<?xml version="1.0" encoding="UTF-8"?>
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Internal Error</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>