You are here

function xmlrpc_message_parse in Drupal 7

Same name and namespace in other branches
  1. 4 includes/xmlrpc.inc \xmlrpc_message_parse()
  2. 5 includes/xmlrpc.inc \xmlrpc_message_parse()
  3. 6 includes/xmlrpc.inc \xmlrpc_message_parse()

Parses an XML-RPC message.

If parsing fails, the faultCode and faultString will be added to the message object.

Parameters

$xmlrpc_message: An object generated by xmlrpc_message().

Return value

TRUE if parsing succeeded; FALSE otherwise.

3 calls to xmlrpc_message_parse()
XMLRPCBasicTestCase::testInvalidMessageParsing in modules/simpletest/tests/xmlrpc.test
Ensure that XML-RPC correctly handles invalid messages when parsing.
xmlrpc_server in includes/xmlrpcs.inc
Invokes XML-RPC methods on this server.
_xmlrpc in includes/xmlrpc.inc
Performs one or more XML-RPC requests.

File

includes/xmlrpc.inc, line 173
Drupal XML-RPC library.

Code

function xmlrpc_message_parse($xmlrpc_message) {
  $xmlrpc_message->_parser = xml_parser_create();

  // Set XML parser to take the case of tags into account.
  xml_parser_set_option($xmlrpc_message->_parser, XML_OPTION_CASE_FOLDING, FALSE);

  // Set XML parser callback functions
  xml_set_element_handler($xmlrpc_message->_parser, 'xmlrpc_message_tag_open', 'xmlrpc_message_tag_close');
  xml_set_character_data_handler($xmlrpc_message->_parser, 'xmlrpc_message_cdata');
  xmlrpc_message_set($xmlrpc_message);

  // Strip XML declaration.
  $header = preg_replace('/<\\?xml.*?\\?' . '>/s', '', substr($xmlrpc_message->message, 0, 100), 1);
  $xml = trim(substr_replace($xmlrpc_message->message, $header, 0, 100));
  if ($xml == '') {
    return FALSE;
  }

  // Strip DTD.
  $header = preg_replace('/^<!DOCTYPE[^>]*+>/i', '', substr($xml, 0, 200), 1);
  $xml = trim(substr_replace($xml, $header, 0, 200));
  if ($xml == '') {
    return FALSE;
  }

  // Confirm the XML now starts with a valid root tag. A root tag can end in [> \t\r\n]
  $root_tag = substr($xml, 0, strcspn(substr($xml, 0, 20), "> \t\r\n"));

  // Reject a second DTD.
  if (strtoupper($root_tag) == '<!DOCTYPE') {
    return FALSE;
  }
  if (!in_array($root_tag, array(
    '<methodCall',
    '<methodResponse',
    '<fault',
  ))) {
    return FALSE;
  }

  // Skip parsing if there is an unreasonably large number of tags.
  try {
    $dom = new DOMDocument();
    @$dom
      ->loadXML($xml);
    if ($dom
      ->getElementsByTagName('*')->length > variable_get('xmlrpc_message_maximum_tag_count', 30000)) {
      return FALSE;
    }
  } catch (Exception $e) {
    return FALSE;
  }
  if (!xml_parse($xmlrpc_message->_parser, $xml)) {
    return FALSE;
  }
  xml_parser_free($xmlrpc_message->_parser);

  // Grab the error messages, if any.
  $xmlrpc_message = xmlrpc_message_get();
  if (!isset($xmlrpc_message->messagetype)) {
    return FALSE;
  }
  elseif ($xmlrpc_message->messagetype == 'fault') {
    $xmlrpc_message->fault_code = $xmlrpc_message->params[0]['faultCode'];
    $xmlrpc_message->fault_string = $xmlrpc_message->params[0]['faultString'];
  }
  return TRUE;
}