IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Throw an error if entity substitution was requested.
Now we only downgrade to a warning if
- XML_PARSE_DTDLOAD wasn't specified, and
- entity aren't substituted or XML_PARSE_NO_XXE was specified.
Should fix#724.
This should only be done in xmlParseReference.
The handling of undeclared entities is still somewhat inconsistent. In
element content we create references even if entity substitution is
enabled. In attribute values undeclared entities are always ignored.
Always use XML_WAR_UNDECLARED_ENTITY with warning error level in
documents with external subset or parameter entities. Use
XML_ERR_UNDECLARED_ENTITY otherwise.
Also decode entities in namespace URIs if entity substitution wasn't
requested. This should fix some corner cases when comparing namespace
URIs. The Namespaces in XML 1.0 spec says:
> In a namespace declaration, the URI reference is the normalized value
> of the attribute, so replacement of XML character and entity
> references has already been done before any comparison.
Make the serialization code escape special characters in namespace URIs
like in attribute values. This fixes serialization if entities were
substituted when parsing.
Fixes https://gitlab.gnome.org/GNOME/libxslt/-/issues/106
Fixes a regression from commit e0dd330b, resulting in duplicate
attributes in the predefined XML namespace not being detected or
extraneous default attributes being passed.
Fixes#704.
Don't use a separate function to handle "complex" attributes. Validate
UTF-8 byte sequences without decoding. This should improve performance
considerably when parsing multi-byte UTF-8 sequences.
Use a string buffer to avoid unnecessary allocations and copying when
expanding entities.
Normalize attribute values in a single pass while expanding entities.
Be more lenient in recovery mode.
If no entity substitution was requested, validate entities without
expanding. Fixes#596.
Also fixes#655.
This regressed in commit e0dd330b.
Also fixes a long-standing issue where namespaces from default
attributes weren't added if they match an existing namespace.
Fixes#643.
Functions like xmlCleanSpecialAttr scan a hash table and possibly delete
entries in the callback. xmlHashScanFull must detect such deletions and
rescan the entry.
This regressed when rewriting the hash table code in 4a513d56.
Fixes#626.
This makes the logic in UTF16BEToUTF8() match UTF16LEToUTF8().
* encoding.c:
(UTF16LEToUTF8):
- Fix comment to describe what the code does.
(UTF16BEToUTF8):
- Fix undefined behavior which was applied to UTF16LEToUTF8() in
2f9382033e.
- Add bounds check to while() loop which was applied to
UTF16LEToUTF8() in be803967db.
- Do not return -2 when (in >= inend) to fix the bug. This was
applied to UTF16LEToUTF8() in 496a1cf592.
- Inline (<< 8) statements to match UTF16LEToUTF8().
Add the following tests and results:
test/text-4-byte-UTF-16-BE-offset.xml
test/text-4-byte-UTF-16-BE.xml
test/text-4-byte-UTF-16-LE-offset.xml
test/text-4-byte-UTF-16-LE.xml
Implement section "4.6 Predefined Entities" of the XML 1.0 spec and
check whether redeclarations of predefined entities match the original
definitions.
Note that some test cases declared
<!ENTITY lt "<">
But the XML spec clearly states that this is illegal:
> If the entities lt or amp are declared, they MUST be declared as
> internal entities whose replacement text is a character reference to
> the respective character (less-than sign or ampersand) being escaped;
> the double escaping is REQUIRED for these entities so that references
> to them produce a well-formed result.
Also fixes#217 but the connection is only tangential. The integer
overflow discovered by fuzzing was more related to the fact that various
parts of the parser disagreed on whether to prefer predefined entities
over their redeclarations. The whole situation is a mess and even
depends on legacy parser options. But now that redeclarations are
validated, it shouldn't make a difference.
As noted in the added comment, this is also one of the cases where
overly defensive checks can hide interesting logic bugs from fuzzers.
Despite the comment, I can't see a reason why external entities must be
loaded in the SAX handler. For external entities, the handler is
typically first invoked via xmlParseReference which will later load the
entity on its own if it wasn't loaded yet.
The old code also lead to duplicated SAX events which makes it
basically impossible to reuse xmlSAX2GetEntity for a custom SAX parser.
See the change to the expected test output.
Note that xmlSAX2GetEntity was loading the entity via
xmlParseCtxtExternalEntity while xmlParseReference uses
xmlParseExternalEntityPrivate. In the previous commit, the two
functions were merged, trying to compensate for some slight differences
between the two mostly identical implementations.
But the more urgent reason for this change is that xmlParseReference
has the facility to abort early when recursive entities are detected,
avoiding what could practically amount to an infinite loop.
If you want to backport this change, note that the previous three
commits are required as well:
f9ea1a24 Fix copying of entities in xmlParseReference
5c7e0a9a Copy some XMLReader option flags to parser context
1a3e584a Merge code paths loading external entities
Found by OSS-Fuzz.
* parser.c:
(xmlCheckCdataPush): Add 'complete' argument to describe whether
the buffer passed in is the whole CDATA buffer, or if there is
more data to parse. If there is more data to parse, don't
return a negative value for an invalid multi-byte UTF-8
character that is split between buffers.
(xmlParseTryOrFinish): Pass 'complete' argument to
xmlCheckCdataPush() as appropriate.
* result/cdata-2-byte-UTF-8.xml: Added.
* result/cdata-2-byte-UTF-8.xml.rde: Added.
* result/cdata-2-byte-UTF-8.xml.rdr: Added.
* result/cdata-2-byte-UTF-8.xml.sax: Added.
* result/cdata-2-byte-UTF-8.xml.sax2: Added.
* result/cdata-3-byte-UTF-8.xml: Added.
* result/cdata-3-byte-UTF-8.xml.rde: Added.
* result/cdata-3-byte-UTF-8.xml.rdr: Added.
* result/cdata-3-byte-UTF-8.xml.sax: Added.
* result/cdata-3-byte-UTF-8.xml.sax2: Added.
* result/cdata-4-byte-UTF-8.xml: Added.
* result/cdata-4-byte-UTF-8.xml.rde: Added.
* result/cdata-4-byte-UTF-8.xml.rdr: Added.
* result/cdata-4-byte-UTF-8.xml.sax: Added.
* result/cdata-4-byte-UTF-8.xml.sax2: Added.
* result/noent/cdata-2-byte-UTF-8.xml: Added.
* result/noent/cdata-3-byte-UTF-8.xml: Added.
* result/noent/cdata-4-byte-UTF-8.xml: Added.
* test/cdata-2-byte-UTF-8.xml: Added.
* test/cdata-3-byte-UTF-8.xml: Added.
* test/cdata-4-byte-UTF-8.xml: Added.
- Add tests and results. Only 'make Readertests XMLPushtests'
fails prior to the fix.
https://bugzilla.gnome.org/show_bug.cgi?id=698550
Somehow the behaviour of the internal parser routine changed
slightly when encountering CR/LF, which led to a bug when
parsing document with non-ascii Names
* test/utf16bebom.xml: regression test showed that this test case was
broken but previous behaviour would not detect it !
* parser.c: fix 566012 for the push mode of the parser, tricky !
* test/ebcdic_566012.xml result//ebcdic_566012.xml*: add the test to the
regression suite
* parser.c: when replacing entities and that the entity is CDATA and
reference entities then white space character in replacement text
need to be replaced by 0x20
* result/noent/att10: correct the output of the associated regression
test
* configure.in doc/* NEWS: preparing the release of 2.7.2
* dict.c: fix the Solaris portability issue
* parser.c: additional cleanup on #554660 fix
* test/ent13 result/ent13* result/noent/ent13*: added the
example in the regression test suite.
* HTMLparser.c: handle leading BOM in htmlParseElement()
Daniel
svn path=/trunk/; revision=3799
* parser.c: fix various attribute normalisation problems reported
by Ashwin
* result/c14n/without-comments/example-4
result/c14n/with-comments/example-4: this impacted the result of
two c14n tests :-\
* test/att9 test/att10 test/att11 result//att9* result//att10*
result//att11*: added 3 specific regression tests coming from the
XML spec revision and from Ashwin
Daniel
svn path=/trunk/; revision=3715
* xmlsave.c parser.c: fix handling of empty CDATA nodes as
reported and discussed around #514181 and associated patches
* test/emptycdata.xml result/emptycdata.xml*
result/noent/emptycdata.xml: added a specific test in the
regression suite.
Daniel
svn path=/trunk/; revision=3701
* parser.c: fixed the push mode when a big comment occurs before
an internal subset, should close bug #438835
* test/comment6.xml result//comment6.xml*: added a special
test in the regression suite
Daniel
svn path=/trunk/; revision=3635
* xmlsave.c: Removed the automatic generation of CDATA sections
for the content of the "script" and "style" elements when
serializing XHTML. The issue was reported by Vincent Lefevre,
bug #345147.
* result/xhtml1 result/noent/xhtml1: Adjusted regression test
results due to the serialization change described above.
* parser.c: fixed the comment streaming bug raised by Graham Bennett
* test/badcomment.xml result//badcomment.xml*: added to the regression suite.
Daniel
* parser.c: reverted first patches for #319279 which led to #326295
and fixed the problem in xmlParseChunk() instead
* test/ent11 result//ent11*: added test for #326295 to the regression
suite
Daniel
* xmlsave.c: applied second patch from David Madore to be less intrusive
when handling scripts and style elements in XHTML1 should fix#316041
* test/xhtml1 result//xhtml1\*: updated the test accordingly
Daniel
* parser.c: fixing bug #166777 (and #169838), it was an heuristic
in areBlanks which failed.
* result/winblanks.xml* result/noent/winblanks.xml test/winblanks.xml:
added the input file to the regression tests
Daniel
* parser.c: applied patch from Malcolm Rowe to avoid namespace
troubles on rollback parsing of elements start #304761
* test/nsclean.xml result/noent/nsclean.xml result/nsclean.xml*:
added it to the regression tests.
Daniel
* parser.c: found and fixed 2 problems in the internal subset scanning
code affecting the push parser (and the reader), fixes#165126
* test/intsubset2.xml result//intsubset2.xml*: added the test case
to the regression tests.
Daniel
* parser.c: boosting common commnent parsing code, it was really
slow.
* test/comment[3-5].xml result//comment[3-5].xml*: added sprecific
regression tests
Daniel
* parser.c: fixed namespace bug in push mode reported by
Rob Richards
* test/ns6 result//ns6*: added it to the regression tests
* xmlmodule.c testModule.c include/libxml/xmlmodule.h:
added an extra option argument to module opening and defined
a couple of flags to the API.
Daniel
* xmlschemastypes.c: "" is a valid hexbinary string dixit xmlschema-dev
* result/schemas/hexbinary_0_1.err test/schemas/hexbinary_1.xml:
update the test.
* test/ns5 result//ns5*: added a test for the namespace bug fixed
in previous commit.
* Makefile.am: added a message in the regression tests
Daniel
* parser.c xmlreader.c include/libxml/parser.h: fixed a serious
problem when substituing entities using the Reader, the entities
content might be freed and if rereferenced would crash
* Makefile.am test/* result/*: added a new test case and a new
test operation for the reader with substitution of entities.
Daniel
* xmlsave.c: apply fix for XHTML1 formating from Nick Wellnhofer
fixes bug #141266
* test/xhtmlcomp result//xhtmlcomp*: added the specific regression
test
Daniel
* parser.c: fix bug reported by Holger Rauch
* test/att8 result/noent/att8 result/att8 result/att8.rdr
result/att8.sax: added the test to th regression suite
Daniel
* tree.c: xmlAttrSerializeTxtContent don't segfault if NULL
is passed.
* test/att7 result//att7*: adding an old regression test
laying around on my laptop
Daniel
* parser.c: fixed a problem in push mode when attribute contains
unescaped '>' characters, fixes bug #134566
* test/att6 result//att6*: added the test to the regression suite
Daniel
* parser.c: fixed bug #132575 about finding the end of the
internal subset in push mode.
* test/intsubset.xml result/intsubset.xml* result/noent/intsubset.xml:
added the test to the regression suite
Daniel
