[PHP-BUG] Bug #52257 [NEW]: module php5-librdf causes libxslt's security module to fail

[matth at mlalonde dot net]

From:             
Operating system: Ubuntu LTS
PHP version:      5.3.2
Package:          XSLT related
Bug Type:         Bug
Bug description:module php5-librdf causes libxslt's security module to fail

Description:
------------
I have been able to replicate under three environment running Ubuntu LTS
php5 (cli, cgi or mod_php), libxslt 1.1.26 and the php5 module and librdf0
and the php5 module.



With the above setup, any <xsl:import href="local/file.xsl" /> call will
fail with the error



XSLTProcessor::importStylesheet(): Local file read for
/path/to/local/file.xsl refused



Using XSLCache will result in a segfault and no errors.



Removing php5's librdf module fixes the issue.

Test script:
---------------
# a.php 

<?php

ini_set('display_errors', 1);

ini_set('error_reporting', E_ALL|E_STRICT|E_NOTICE);



//phpinfo();



$doc = new DOMDocument();

$xsl = new XSLTProcessor();



$xsl_filename = __DIR__ . '/collection.xsl';

$xml_filename = __DIR__ . '/collection.xml';



$doc->load($xsl_filename);

$xsl->importStyleSheet($doc);



$doc->load($xml_filename);

echo $xsl->transformToXML($doc);



# collection.xml

<collection>

 <cd>

  <title>Fight for your mind</title>

  <artist>Ben Harper</artist>

  <year>1995</year>

 </cd>

 <cd>

  <title>Electric Ladyland</title>

  <artist>Jimi Hendrix</artist>

  <year>1997</year>

 </cd>

</collection>



# collection.xsl

<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform";>

 <xsl:import href="file:///var/www/pgadmin/temp/collection2.xsl" />

 <xsl:param name="owner" select="'Nicolas Eliaszewicz'"/>

 <xsl:output method="html" encoding="iso-8859-1" indent="no"/>

 <xsl:template match="collection">

  Hey! Welcome to <xsl:value-of select="$owner"/>'s sweet CD collection!

  <xsl:apply-templates/>

 </xsl:template>

 <xsl:template match="cd">

  <h1><xsl:value-of select="title"/></h1>

  <h2>by <xsl:value-of select="artist"/> - <xsl:value-of
select="year"/></h2>

  <hr />

 </xsl:template>

</xsl:stylesheet>



# collection2.xsl

<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform";>

 <xsl:param name="owner" select="'Nicolas Eliaszewicz'"/>

 <xsl:output method="html" encoding="iso-8859-1" indent="no"/>

 <xsl:template match="collection">

  Hey! Welcome to <xsl:value-of select="$owner"/>'s sweet CD collection!

  <xsl:apply-templates/>

 </xsl:template>

 <xsl:template match="cd">

  <h1><xsl:value-of select="title"/></h1>

  <h2>by00 <xsl:value-of select="artist"/> - <xsl:value-of
select="year"/></h2>

  <hr />

 </xsl:template>

</xsl:stylesheet>



Expected result:
----------------
A parsed XSLT document with the imported stylesheets. And no errors ;)

Actual result:
--------------
Warning: XSLTProcessor::importStylesheet(): error in /var/www/temp/a.php on
line 14



Call Stack:

    0.0002     627304   1. {main}() /var/www/temp/a.php:0

    0.0006     631128   2. XSLTProcessor->importStylesheet()
/var/www/temp/a.php:14





Warning: XSLTProcessor::importStylesheet(): Local file read for
file:///var/www/pgadmin/temp/collection2.xsl refused in /var/www/temp/a.php
on line 14



Call Stack:

    0.0002     627304   1. {main}() /var/www/temp/a.php:0

    0.0006     631128   2. XSLTProcessor->importStylesheet()
/var/www/temp/a.php:14



-- 
Edit bug report at http://bugs.php.net/bug.php?id=52257&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=52257&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=52257&r=trysnapshot53
Try a snapshot (trunk):              
http://bugs.php.net/fix.php?id=52257&r=trysnapshottrunk
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=52257&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=52257&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=52257&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=52257&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=52257&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=52257&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=52257&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=52257&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=52257&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=52257&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=52257&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=52257&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=52257&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=52257&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=52257&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=52257&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=52257&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=52257&r=mysqlcfg