r54828 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r54827‎ \| r54828 \| r54829 >
Date:	23:23, 11 August 2009
Author:	brion
Status:	ok (Comments)
Tags:
Comment:	Add an install/update-time test for the PHP+libxml2 horrible XML input corruption bug. Now need to find a known-bad system to confirm the test on :D
Modified paths:	/trunk/phase3/install-utils.inc (modified) (history)

Diff [purge]

Index: trunk/phase3/install-utils.inc
—	—	@@ -33,6 +33,16 @@
34	34	"or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n";
35	35	die( -1 );
36	36	}
	37	+
	38	+ $test = new PhpXmlBugTester();
	39	+ if( !$test->ok ) {
	40	+ echo "Your system has a combination of PHP and libxml2 versions which is buggy\n" .
	41	+ "and can cause hidden data corruption in MediaWiki and other web apps.\n" .
	42	+ "Upgrade to PHP 5.2.9 or later and libxml2 2.7.2 or later!\n" .
	43	+ "ABORTING (http://bugs.php.net/bug.php?id=45996 for details).\n";
	44	+ die( -1 );
	45	+ }
	46	+
37	47
38	48	global $wgCommandLineMode;
39	49	$wgCommandLineMode = true;
—	—	@@ -40,6 +50,28 @@
41	51	@set_time_limit( 0 );
42	52	}
43	53
	54	+/**
	55	+ * Test for PHP+libxml2 bug which breaks XML input subtly with certain versions.
	56	+ * http://bugs.php.net/bug.php?id=45996
	57	+ * Known fixed with PHP 5.2.9 + libxml2-2.7.3
	58	+ */
	59	+class PhpXmlBugTester {
	60	+ var $parsedData = '';
	61	+ var $ok = false;
	62	+ function __construct() {
	63	+ $charData = '<b>c</b>';
	64	+ $xml = '<a>' . htmlspecialchars( $charData ) . '</a>';
	65	+
	66	+ $parser = xml_parser_create();
	67	+ xml_set_character_data_handler( $parser, array( $this, 'chardata' ) );
	68	+ $parsedOk = xml_parse($parser, $xml, true);
	69	+ $this->ok = $parsedOk && ($this->parsedData == $charData);
	70	+ }
	71	+ function chardata($parser, $data) {
	72	+ $this->parsedData .= $data;
	73	+ }
	74	+}
	75	+
44	76	function readconsole( $prompt = '' ) {
45	77	static $isatty = null;
46	78	if ( is_null( $isatty ) ) {

Follow-up revisions

Revision	Commit summary	Author	Date
r54975	Merge r54828 check for libxml2 2.7 data corruption issue (bug 16554). Install...	brion	22:05, 13 August 2009
r57568	Fix error message for libxml bug from r54828...	simetrical	16:27, 9 October 2009
r57570	Backport r57568: Fix error message for libxml bug from r54828...	simetrical	16:38, 9 October 2009

Comments

#Comment by Simetrical (talk | contribs) 16:29, 9 October 2009

Does this really warrant an uncircumventable fatal error on install? If this is only a problem for import/export, maybe we could just raise a warning and disable those? The user *might* have other apps they care about that are broken by the bug, but it's perfectly possible they don't, and there's no reason to flat-out prohibit installation in that case.

#Comment by Brion VIBBER (talk | contribs) 16:50, 9 October 2009

We don't really have a clear idea what else it may break internally (other core bits, extensions, processing of SVG files, etc) or externally. It's a seriously broken configuration that's devilishly hard to track down and causes non-obvious bugs.

If someone is really that serious about installing in such a broken environment they can of course comment out the check... but IMO that'd be a really bad idea.

Status & tagging log

06:51, 11 December 2009 Tim Starling (talk | contribs) changed the status of r54828 [removed: fixme added: ok]
16:29, 9 October 2009 Simetrical (talk | contribs) changed the status of r54828 [removed: ok added: fixme]
00:49, 19 August 2009 Brion VIBBER (talk | contribs) changed the status of r54828 [removed: new added: ok]