ID: 45966
Comment by: kostya dot chumickin at gmail dot com
Reported By: chammers at netcologne dot de
Status: Open
Bug Type: SOAP related
Operating System: Linux
PHP Version: 5.2.6
New Comment:
I've experienced this issue too.
As for me it's almost critical.
Any progress here? Do we have at least a patch or workaraund ?
Thanks!
Previous Comments:
------------------------------------------------------------------------
[2008-09-01 17:24:00] chammers at netcologne dot de
Description:
------------
When receiving a SOAP request, SoapServer does not properly validate if
it matches the given WSDL.
Invalid elements are simply surpressed and not passed through to the
called function.
I would expect the SoapServer->handler() to raise an Exception so that
the program can decide if it terminates or go ahead with all parameters
it can get.
bye,
-christian-
Reproduce code:
---------------
<?php
ini_set("soap.wsdl_cache_enabled", "0");
class DummyClass {
public function __call($name, $arguments) {
fprintf(STDERR, "Method $name was called with
".var_export($arguments, 1)."\n");
}
}
$HTTP_RAW_POST_DATA = <<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:ns1="http://www.foo.de/services/exampleService";>
<SOAP-ENV:Body>
<ns1:exampleRequest>
<aaaa>1000</aaaa>
<bbb>815</bbb>
</ns1:exampleRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
EOF;
$server = new SoapServer("chammers.wsdl");
$server->setClass('DummyClass');
$server->handle($HTTP_RAW_POST_DATA);
########################################################################
And the WSDL (here "chammers.wsdl")
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions
xmlns:http="http://schemas.xmlsoap.org/wsdl/http/";
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/";
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:tns="http://www.foo.de/services/exampleService";
targetNamespace="http://www.foo.de/services/exampleService";>
<!-- ==== TYPES ==== -->
<wsdl:types>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema";
targetNamespace="http://www.foo.de/services/exampleService";>
<xsd:element name="exampleRequest">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="aaa" type="xsd:int"/>
<xsd:element name="bbb" type="xsd:int"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:schema>
</wsdl:types>
<!-- ==== MESSAGE ==== -->
<wsdl:message name="exampleRequestMessage">
<wsdl:part name="body" element="tns:exampleRequest"/>
</wsdl:message>
<!-- ==== PORTTYPE ==== -->
<wsdl:portType name="examplePortType">
<wsdl:operation name="example">
<wsdl:input message="tns:exampleRequestMessage"/>
</wsdl:operation>
</wsdl:portType>
<!-- ==== BINDING ==== -->
<wsdl:binding name="exampleBinding" type="tns:examplePortType">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="example">
<soap:operation
soapAction="http://soap.foo.de/services/example"/>
<wsdl:input>
<soap:body use="literal" />
</wsdl:input>
</wsdl:operation>
</wsdl:binding>
<!-- ==== SERVICE ==== -->
<wsdl:service name="exampleServices">
<wsdl:port name="examplePortType"
binding="tns:exampleBinding">
<soap:address
location="http://localhost:4080/services/exampleServices"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
Expected result:
----------------
As the request parameter "aaa" has a typo and is actually written as
"aaaa" I would expect an Exception or at least some kind of warning.
Actual result:
--------------
... but the handler class just gets the "bbb" parameter:
$ php chammers.php
Method example was called with array (
0 =>
stdClass::__set_state(array(
'bbb' => 815,
)),
)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=45966&edit=1
