On 7/30/15 2:57 PM, Stanislav Malyshev wrote:
Hi!

The problem here is that imagine the following:
I think if we separate the loading the initial file (i.e., starting point
of the XML parser) and the loading the entities from that file (which is
not happening right now) we'd solve many BC problems. Not sure about
SOAP, but many others for sure.

It will solve many, but your guess is as good as mine as to what the split will be. It all comes down to what people are doing with XML. I've had comments from both sides, where people hate the way it's currently implemented and have suggested the idea of allowing the initial file, and then from others who like it as is. Regardless, though, the current implementation should definitely not be enabled by default, but I could see something laxer like this. I still say it should be a different function and leave the current one as is.


I know that you want it to work, but this is actually a great place to
fail, because you're loading a trusted resource over HTTP. Meaning
that an attacker could MITM and inject malicious XML into the response,
and own your server without even needing to own the endpoint.
I feel like XML parser is a wrong place to solve this problem, transport
security can be done in HTTPS, signatures, etc. Otherwise many protocols
that rely on XML - such as SAML, which is quite widely used - would be
completely useless.


Rob

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
