Professional Web Applications Themes

[BUG] REXML 2.7.1 External Entity Parsing - Ruby

--GcuyunM1iFaMYZNm Content-Type: text/plain; cht=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Everyone, There appears to be a bug in REXML 2.7.1 external entity parsing. The following code throws an error in Ruby 1.8.0/REXML 2.7.1, but not in Ruby 1.6.8/REXML 2.3.5: ---- #!/usr/bin/env ruby require 'rexml/doent' XP =3D '//channel/title' # dump versions puts 'Ruby %s, REXML %s' % [RUBY_VERSION, REXML::Version] # check both examples %w{working.rss broken.rss}.each do |path| File.open(path) do |file| doc =3D REXML::Doent.new file.readlines.join('') puts 'File: ' << path # check to make sure everything is kosher puts 'doc.root.class =3D ' << doc.root.class.to_s puts 'doc.root.elements.class =3D ' << doc.root.elements.class.to_s # get the ...

  1. #1

    Default [BUG] REXML 2.7.1 External Entity Parsing


    --GcuyunM1iFaMYZNm
    Content-Type: text/plain; cht=us-ascii
    Content-Disposition: inline
    Content-Transfer-Encoding: quoted-printable

    Hi Everyone,

    There appears to be a bug in REXML 2.7.1 external entity parsing. The
    following code throws an error in Ruby 1.8.0/REXML 2.7.1, but not in
    Ruby 1.6.8/REXML 2.3.5:

    ----
    #!/usr/bin/env ruby

    require 'rexml/doent'

    XP =3D '//channel/title'

    # dump versions
    puts 'Ruby %s, REXML %s' % [RUBY_VERSION, REXML::Version]

    # check both examples
    %w{working.rss broken.rss}.each do |path|
    File.open(path) do |file|
    doc =3D REXML::Doent.new file.readlines.join('')

    puts 'File: ' << path

    # check to make sure everything is kosher
    puts 'doc.root.class =3D ' << doc.root.class.to_s
    puts 'doc.root.elements.class =3D ' << doc.root.elements.class.to_s

    # get the title of the feed
    puts (e =3D doc.root.elements[XP]) ? e.class.to_s : "Couldn't find #{XP=
    }."
    end
    end
    ----

    2.3.5 Output
    =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
    Ruby 1.6.8, REXML 2.3.5
    File: working.rss
    doc.root.class =3D REXML::Element
    doc.root.elements.class =3D REXML::Elements
    <title>Paul Duncan</title>
    File: broken.rss
    doc.root.class =3D REXML::Element=20
    doc.root.elements.class =3D REXML::Elements
    <title>O'Reilly Network Articles</title>
    =20
    2.7.1 Output
    =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
    Ruby 1.8.0, REXML 2.7.1
    File: working.rss
    doc.root.class =3D REXML::Element
    doc.root.elements.class =3D REXML::Elements
    REXML::Element
    File: broken.rss
    doc.root.class =3D REXML::Element
    doc.root.elements.class =3D REXML::Elements
    /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:83:in `internal_p': =
    undefined method `node_type' for #<REXML::Entity:0x4027d9d0> (NoMethodError)
    from /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:81:in `delete_if'
    from /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:81:in `internal_p=
    '
    from /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:60:in `match'
    from /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:315:in `d_o_s'
    from /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:313:in `each_inde=
    x'
    from /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:313:in `d_o_s'
    from /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:317:in `d_o_s'
    from /usr/local/lib/site_ruby/1.8/rexml/xpath_pr.rb:313:in `each_inde=
    x'
    ... 8 levels...
    from ./rexml_test.rb:12:in `open'
    from ./rexml_test.rb:12
    from ./rexml_test.rb:11:in `each'
    from ./rexml_test.rb:11

    The files in question and additional information are available at
    [url]http://www.raggle.org/files/rexml-external_entity_bug/[/url] . We're
    stripping external entity declarations before parsing feeds in Raggle as
    an interim solution.


    PS. I attempted to use the REXML bug report page on the Germane
    Software site, but it gave me the following error:

    The system encountered a fatal error
    failed to chroot(/home/jitterbug/rexml)
    The last error code was: Operation not permitted
    uid/gid=3D81/81=20

    --=20
    Paul Duncan <pabspablotron.org> OpenPGP Key ID: 0x82C29562
    [url]http://www.pablotron.org/[/url] [url]http://www.paulduncan.org/[/url]

    --GcuyunM1iFaMYZNm
    Content-Type: application/pgp-signature
    Content-Disposition: inline

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.2 (GNU/Linux)

    iD8DBQE/WHYvzdlT34LClWIRAksWAKDHdGet3Dc3D/KN0dqnpUboGzrTYwCgjgWh
    CD9WfZN4tohdbYF2yuirXnE=
    =pwCD
    -----END PGP SIGNATURE-----

    --GcuyunM1iFaMYZNm--

    Paul Duncan Guest

  2. #2

    Default Re: [BUG] REXML 2.7.1 External Entity Parsing

    On Friday 05 September 2003 07:40, Paul Duncan wrote:
    > There appears to be a bug in REXML 2.7.1 external entity parsing. The
    > following code throws an error in Ruby 1.8.0/REXML 2.7.1, but not in
    > Ruby 1.6.8/REXML 2.3.5:
    Thanks. I'm on it.

    BTW, I'll be in the UK from the 12th-27th, and won't have internet access.
    Any bugs reported during that time will be dealt with upon my return.

    --- SER

    Sean Russell Guest

Similar Threads

  1. Replies: 1
    Last Post: February 17th, 03:18 AM
  2. Replies: 0
    Last Post: December 20th, 07:27 PM
  3. REXML - external entities
    By Tobias in forum Ruby
    Replies: 0
    Last Post: September 4th, 11:07 AM
  4. Replies: 2
    Last Post: July 16th, 09:49 AM
  5. [REXML] PExtension
    By Sean Russell in forum Ruby
    Replies: 0
    Last Post: June 26th, 02:19 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139