On NixOS we run `make` & `make check` inside `ext/soap` which broke the test
like this:
001+ Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'ext/soap/tests/gh15711.wsdl' : failed to load "ext/soap/tests/gh15711.wsdl": No such file or directory
002+ in /build/php-8.3.13/ext/soap/tests/gh15711.php:29
003+ Stack trace:
004+ #0 /build/php-8.3.13/ext/soap/tests/gh15711.php(29): SoapClient->__construct('ext/soap/tests/...', Array)
005+ #1 {main}
006+ thrown in /build/php-8.3.13/ext/soap/tests/gh15711.php on line 29
Fix is to make the path dependant on `__DIR__` as it's the case in other
testcases including WSDLs.
Closes GH-16733.
If get_iterator() fails, we should not destroy the object.
Also changes the check to a NULL check to be more defensive, and to
match the VM.
Closes GH-16441.
Bisect points to 94ee4f9, however this only reveals the problem.
Cloning an object on a lower branch and trying to call its methods
crashes as well. Cloning the object shouldn't be possible in the first
place because there's an engine constraint that when we have a new
object handler we should also have a clone handler. This constraint is
not fulfilled here.
Closes GH-16245.
These failures are caused by the fix for GHSA-p99j-rfp4-xqvq. Since
the two bug*.phpt tests don't need the "wsdl" query string, and don't
even need php-cgi, we just remove the `--GET--` section. The two
server*.phpt tests are harder to fix, since during evaluation of the
`--SKIPIF--` section, the soap extension can be loaded, but it may not
during evaluation of the `--FILE--` section. So for now, we skip these
tests on Windows altogether.
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Closes GH-16084.
Apparently example.org now rejects POST requests, so we would need to
adjust the test expectation ("Method not allowed"). However, there is
no need for an online test; instead we're just using the CLI test
server. The serialization is a bit fiddly, but as long as there are
no quotes in `PHP_CLI_SERVER_ADDRESS` we're fine.
Closes GH-16063.
* PHP-8.3:
Fix GH-15711: SoapClient can't convert BackedEnum to scalar value
Use get_serialization_string_from_zval() in all encoding functions
Introduce get_serialization_string_from_zval() and use it in to_xml_string()
The one error message indeed had a wrong namespace, and in general they
weren't very descriptive, this also makes them more descriptive.
Furthermore, two additional bugs were fixed:
- Persistent memory leak of `location`.
- UAF issues when printing the error message.
Closes GH-15830.
This code is modelled after how `http_fopen_wrapper.c` does things,
which apparently is just looping over the array and handling each string
the same way as if we passed a header string directly.
Also fixes a potential crash in `php_sdl.c` but without adding support
for header arrays there (yet) because the code is untested.
Closes GH-15817.
libxml2 2.13 has different formatting behaviour: it outputs `<faultcode/>`
instead of `<faultcode></faultcode>`, and similarly for `env:Value`.
Normalize the output.
Closes GH-15801.
HTTP/1.1 does not require a single whitespace after the colon, and
SoapServer does implement HTTP/1.1. The header value is already correctly
whitespace-trimmed, so no behaviour change happens w.r.t. header values.
Closes GH-15793.
Two issues:
1) We should not modify the object when we pass invalid values
2) We should reset the properties to their default value otherwise we
get a UAF.
Regressed in df219ccf9d
Closes GH-15248.
RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the
WWW-Authenticate header, which may have been the source of the confusion
in the implementation. While the version with quotes seems to work fine
in some cases, clearly not all servers accept the non-standard form.
To fix the issue, simply removing the quotes of those two header fields
of the client request to be in line with the RFC suffices.
I refer further to example 3.5 in RFC 2617 and example 3.9.1 in
RFC 7616.
RFC 2617: https://datatracker.ietf.org/doc/html/rfc2617
RFC 7616: https://datatracker.ietf.org/doc/html/rfc7616
Closes GH-14328.
The do_request() function that calls this methods, assumes that a string is being returned from the method
otherwise it bails out.
However, the default implementation of SoapClient::__doRequest() indicates that it can return null when it
fails to set-up and execute the HTTP SOAP request, but this always results in a SoapFault exception being
thrown, and thus cannot happen in practice.
We need to investigate further if the return type should be changed from ?string to string or not.
