Edit report at http://bugs.php.net/bug.php?id=45966&edit=1
 ID:                 45966
 Comment by:         wim at godden dot net
 Reported by:        chammers at netcologne dot de
 Summary:            SoapServer does not report WSDL validation errors
 Status:             No Feedback
 Type:               Bug
 Package:            SOAP related
 Operating System:   Linux
 PHP Version:        5.2.6
 Block user comment: N

 New Comment:

The problem (which still exists in 5.3.3) is a little worse than
thought: the SoapServer doesn't mention invalid elements (elements that
basically shouldn't be there), it also doesn't complain about missing
elements.
Basically, it seems there's no decent validation code in the PHP
SoapServer.

Is this something on the roadmap?


Previous Comments:
------------------------------------------------------------------------
[2010-07-05 07:26:44] ccorliss at gmail dot com

Despite the comment below, this issue is still not fixed in 5.3.2.
Missing required elements are quietly skipped.

------------------------------------------------------------------------
[2009-05-03 01:00:17] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

------------------------------------------------------------------------
[2009-04-25 16:24:34] j...@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz

For Windows:

  http://windows.php.net/snapshots/

------------------------------------------------------------------------
[2008-09-01 17:24:00] chammers at netcologne dot de

Description:
------------
When receiving a SOAP request, SoapServer does not properly validate if
it matches the given WSDL. Invalid elements are simply suppressed and
not passed through to the called function.

I would expect the SoapServer->handler() to raise an Exception so that
the program can decide if it terminates or goes ahead with all
parameters it can get.

bye,

-christian-

Reproduce code:
---------------
<?php
ini_set("soap.wsdl_cache_enabled", "0");

class DummyClass {
    public function __call($name, $arguments) {
        fprintf(STDERR, "Method $name was called with ".var_export($arguments, 1)."\n");
    }
}

$HTTP_RAW_POST_DATA = <<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ns1="http://www.foo.de/services/exampleService">
  <SOAP-ENV:Body>
    <ns1:exampleRequest>
      <aaaa>1000</aaaa>
      <bbb>815</bbb>
    </ns1:exampleRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
EOF;

$server = new SoapServer("chammers.wsdl");
$server->setClass('DummyClass');
$server->handle($HTTP_RAW_POST_DATA);

########################################################################
And the WSDL (here "chammers.wsdl")

<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions
    xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
    xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:tns="http://www.foo.de/services/exampleService"
    targetNamespace="http://www.foo.de/services/exampleService">

  <!-- ==== TYPES ==== -->
  <wsdl:types>
    <xsd:schema
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        targetNamespace="http://www.foo.de/services/exampleService">
      <xsd:element name="exampleRequest">
        <xsd:complexType>
          <xsd:sequence>
            <xsd:element name="aaa" type="xsd:int"/>
            <xsd:element name="bbb" type="xsd:int"/>
          </xsd:sequence>
        </xsd:complexType>
      </xsd:element>
    </xsd:schema>
  </wsdl:types>

  <!-- ==== MESSAGE ==== -->
  <wsdl:message name="exampleRequestMessage">
    <wsdl:part name="body" element="tns:exampleRequest"/>
  </wsdl:message>

  <!-- ==== PORTTYPE ==== -->
  <wsdl:portType name="examplePortType">
    <wsdl:operation name="example">
      <wsdl:input message="tns:exampleRequestMessage"/>
    </wsdl:operation>
  </wsdl:portType>

  <!-- ==== BINDING ==== -->
  <wsdl:binding name="exampleBinding" type="tns:examplePortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="example">
      <soap:operation soapAction="http://soap.foo.de/services/example"/>
      <wsdl:input>
        <soap:body use="literal" />
      </wsdl:input>
    </wsdl:operation>
  </wsdl:binding>

  <!-- ==== SERVICE ==== -->
  <wsdl:service name="exampleServices">
    <wsdl:port name="examplePortType" binding="tns:exampleBinding">
      <soap:address location="http://localhost:4080/services/exampleServices"/>
    </wsdl:port>
  </wsdl:service>

</wsdl:definitions>

Expected result:
----------------
As the request parameter "aaa" has a typo and is actually written as
"aaaa" I would expect an Exception or at least some kind of warning.

Actual result:
--------------
... but the handler class just gets the "bbb" parameter:

$ php chammers.php
Method example was called with array (
  0 =>
  stdClass::__set_state(array(
     'bbb' => 815,
  )),
)

------------------------------------------------------------------------
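
A request-side check for the gap described in this report, as an added example that is not part of the original report or of PHP's SOAP extension: it validates the SOAP body against the XSD embedded in the WSDL before SoapServer::handle() is called. validateSoapBody() and handleValidated() are hypothetical names. Assumptions: PHP 8.0 or later, a document/literal binding with a single body part, and the first xsd:schema in the WSDL being the one that applies.

```php
<?php
// Added example, not from the bug report. Assumes PHP 8.0+ with ext-dom and ext-soap.
const SOAP_ENV_NS = 'http://schemas.xmlsoap.org/soap/envelope/';
const XSD_NS = 'http://www.w3.org/2001/XMLSchema';

/** Hypothetical helper: returns validation error messages, empty when the body is valid. */
function validateSoapBody(string $rawRequest, string $wsdlPath): array
{
    $previous = libxml_use_internal_errors(true);
    libxml_clear_errors();
    try {
        $request = new DOMDocument();
        // LIBXML_NONET: never fetch remote DTDs or entities for untrusted input.
        if ($rawRequest === '' || !$request->loadXML($rawRequest, LIBXML_NONET)) {
            return ['request is not well-formed XML'];
        }
        $body = $request->getElementsByTagNameNS(SOAP_ENV_NS, 'Body')->item(0);
        $payload = $body instanceof DOMElement ? $body->firstElementChild : null;
        if ($payload === null) {
            return ['SOAP Body carries no payload element'];
        }
        $wsdl = new DOMDocument();
        $schema = $wsdl->load($wsdlPath, LIBXML_NONET) ? $wsdl->getElementsByTagNameNS(XSD_NS, 'schema')->item(0) : null;
        if ($schema === null) {
            return ['no xsd:schema found in WSDL'];
        }
        // Inclusive C14N keeps namespace declarations inherited from ancestor elements.
        $doc = new DOMDocument();
        $doc->loadXML($payload->C14N(), LIBXML_NONET);
        if ($doc->schemaValidateSource($schema->C14N())) {
            return [];
        }
        return array_map(fn($e) => trim($e->message), libxml_get_errors());
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

/** Hypothetical wrapper: answer with a Client fault instead of a partial method call. */
function handleValidated(SoapServer $server, string $raw, string $wsdlPath): void
{
    $errors = validateSoapBody($raw, $wsdlPath);
    if ($errors) {
        error_log('SOAP schema validation failed: ' . implode('; ', $errors));
        $server->fault('Client', 'Request does not match the service schema');
        return;
    }
    $server->handle($raw);
}
```

Because the schema is applied as a whole, this rejects both the unexpected "aaaa" element from the reproduce code and a request that leaves out a required element.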