add a couple of extra checks parsing for non-compliant responses

gggeek · Apr 14, 2024 · 2c4b96c · 2c4b96c
1 parent f4b1932
commit 2c4b96c
Showing 1 changed file with 27 additions and 4 deletions.
diff --git a/src/Helper/XMLParser.php b/src/Helper/XMLParser.php
@@ -162,7 +162,7 @@ public function parse($data, $returnType = self::RETURN_XMLRPCVALS, $accept = 3,
             'isf_reason' => '',
             'value' => null,
             'method' => false, // so we can check later if we got a methodname or not
-            'params' => array(),
+            'params' => false, // so we can check later if we got a params tag or not
             'pt' => array(),
             'rt' => '',
         );
@@ -290,6 +290,11 @@ public function parse($data, $returnType = self::RETURN_XMLRPCVALS, $accept = 3,
         xml_parser_free($parser);
         $this->current_parsing_options = array();
 
+        // BC
+        if ($this->_xh['params'] === false) {
+            $this->_xh['params'] = array();
+        }
+
         return $this->_xh;
     }
 
@@ -419,10 +424,13 @@ public function xmlrpc_se($parser, $name, $attrs, $acceptSingleVals = false)
 
             case 'METHODCALL':
             case 'METHODRESPONSE':
-            case 'PARAMS':
                 // valid elements that add little to processing
                 break;
 
+            case 'PARAMS':
+                $this->_xh['params'] = array();
+                break;
+
             case 'METHODNAME':
             case 'NAME':
                 /// @todo we could check for 2 NAME elements inside a MEMBER element
@@ -751,13 +759,28 @@ public function xmlrpc_ee($parser, $name, $rebuildXmlrpcvals = 1)
                 break;
 
             /// @todo add extra checking:
-            ///       - METHODRESPONSE should contain either a PARAMS with a single PARAM, or a FAULT
             ///       - FAULT should contain a single struct with the 2 expected members (check their name and type)
-            ///       - METHODCALL should contain a methodname
             case 'PARAMS':
             case 'FAULT':
+                break;
+
             case 'METHODCALL':
+                /// @todo should we allow to accept this case via a call to handleParsingError ?
+                if ($this->_xh['method'] === false) {
+                    $this->_xh['isf'] = 2;
+                    $this->_xh['isf_reason'] = "missing METHODNAME element inside METHODCALL";
+                }
+                break;
+
             case 'METHODRESPONSE':
+                /// @todo should we allow to accept these cases via a call to handleParsingError ?
+                if ($this->_xh['isf'] != 1 && $this->_xh['params'] === false) {
+                    $this->_xh['isf'] = 2;
+                    $this->_xh['isf_reason'] = "missing both FAULT and PARAMS elements inside METHODRESPONSE";
+                } elseif ($this->_xh['isf'] == 0 && count($this->_xh['params']) !== 1) {
+                    $this->_xh['isf'] = 2;
+                    $this->_xh['isf_reason'] = "PARAMS element inside METHODRESPONSE should have exactly 1 PARAM";
+                }
                 break;
 
             default: