mahara-contributors team mailing list archive

[guy thomas <brudinie@xxxxxxxxx>]

Public bug reported:

operating system
=========================
Distributor ID:	Ubuntu
Description:	Ubuntu 14.04.1 LTS
Release:	14.04
Codename:	trusty
=========================

Mahara version: 1.9.3

Database: mysql

Browser: chrome 40.0.2214.111

simpleXML may not be the best parser for XMLRPC payloads

in api/xmlrpc/lib.php

function parse_payload($payload) {
    try {
        $xml = new SimpleXMLElement($payload);
        return $xml;
    } catch (Exception $e) {
        throw new MaharaException('Encrypted payload is not a valid XML document', 6002);
    }
}

This means if you send a large file (in our tests greater than approx 7mb) base 64 encoded over XMLRPC it will fail to parse.
It didn't seem to make any difference if we increased the memory limit to 800M in php.ini or even by setting the php memory limit to 800M via PHP ini_set in function parse_payload - this suggests that there is a limit to what SimpleXML can handle regardless of the PHP memory limit.

Note - 932 in my source code is the 'throw new exception' following $xml
= new SimpleXMLElement($payload);

called at [/vagrant/www/maharadev/mahara/lib/errors.php:465] #1 exception(MaharaException Object ([] => 1,[] => Encrypted payload is not a valid XML document,[] => ,[] => 6002,[] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[] => 932,[] => Array ([0] => Array ([file] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[line] => 921,[function] => parse_payload,[args] => Array ([0] =>ERROR 4:
4: remote server error: code: , message: A nonrecoverable error occurred. This probably means you have encountered a bug in the system #0 MaharaException->handle_exception() called at [/vagrant/www/maharadev/mahara/lib/errors.php:465] #1 exception(MaharaException Object ([] => 1,[] => Encrypted payload is not a valid XML document,[] => ,[] => 6002,[] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[] => 932,[] => Array ([0] => Array ([file] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[line] => 921,[function] => parse_payload,[args] => Array ([0] =>

** Affects: mahara
     Importance: Undecided
         Status: New

** Description changed:

  operating system
  =========================
  Distributor ID:	Ubuntu
  Description:	Ubuntu 14.04.1 LTS
  Release:	14.04
  Codename:	trusty
  =========================
  
  Mahara version: 1.9.3
  
  Database: mysql
  
  Browser: chrome 40.0.2214.111
  
- 
  simpleXML may not be the best parser for XMLRPC payloads
  
  in api/xmlrpc/lib.php
  
  function parse_payload($payload) {
-     file_put_contents('/vagrant/maharalog.txt', $payload);
-     try {
-         $xml = new SimpleXMLElement($payload);
-         return $xml;
-     } catch (Exception $e) {
-         throw new MaharaException('Encrypted payload is not a valid XML document', 6002);
-     }
+     try {
+         $xml = new SimpleXMLElement($payload);
+         return $xml;
+     } catch (Exception $e) {
+         throw new MaharaException('Encrypted payload is not a valid XML document', 6002);
+     }
  }
  
  This means if you send a large file (in our tests greater than approx 7mb) base 64 encoded over XMLRPC it will fail to parse.
  It didn't seem to make any difference if we increased the memory limit to 800M in php.ini or even by setting the php memory limit to 800M via PHP ini_set in function parse_payload - this suggests that there is a limit to what SimpleXML can handle regardless of the PHP memory limit.
  
  Note - 932 in my source code is the 'throw new exception' following $xml
  = new SimpleXMLElement($payload);
  
  called at [/vagrant/www/maharadev/mahara/lib/errors.php:465] #1 exception(MaharaException Object ([] => 1,[] => Encrypted payload is not a valid XML document,[] => ,[] => 6002,[] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[] => 932,[] => Array ([0] => Array ([file] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[line] => 921,[function] => parse_payload,[args] => Array ([0] =>ERROR 4:
  4: remote server error: code: , message: A nonrecoverable error occurred. This probably means you have encountered a bug in the system #0 MaharaException->handle_exception() called at [/vagrant/www/maharadev/mahara/lib/errors.php:465] #1 exception(MaharaException Object ([] => 1,[] => Encrypted payload is not a valid XML document,[] => ,[] => 6002,[] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[] => 932,[] => Array ([0] => Array ([file] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[line] => 921,[function] => parse_payload,[args] => Array ([0] =>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1422837

Title:
  XML RPC simpleXML limits payload size

Status in Mahara ePortfolio:
  New

Bug description:
  operating system
  =========================
  Distributor ID:	Ubuntu
  Description:	Ubuntu 14.04.1 LTS
  Release:	14.04
  Codename:	trusty
  =========================

  Mahara version: 1.9.3

  Database: mysql

  Browser: chrome 40.0.2214.111

  simpleXML may not be the best parser for XMLRPC payloads

  in api/xmlrpc/lib.php

  function parse_payload($payload) {
      try {
          $xml = new SimpleXMLElement($payload);
          return $xml;
      } catch (Exception $e) {
          throw new MaharaException('Encrypted payload is not a valid XML document', 6002);
      }
  }

  This means if you send a large file (in our tests greater than approx 7mb) base 64 encoded over XMLRPC it will fail to parse.
  It didn't seem to make any difference if we increased the memory limit to 800M in php.ini or even by setting the php memory limit to 800M via PHP ini_set in function parse_payload - this suggests that there is a limit to what SimpleXML can handle regardless of the PHP memory limit.

  Note - 932 in my source code is the 'throw new exception' following
  $xml = new SimpleXMLElement($payload);

  called at [/vagrant/www/maharadev/mahara/lib/errors.php:465] #1 exception(MaharaException Object ([] => 1,[] => Encrypted payload is not a valid XML document,[] => ,[] => 6002,[] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[] => 932,[] => Array ([0] => Array ([file] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[line] => 921,[function] => parse_payload,[args] => Array ([0] =>ERROR 4:
  4: remote server error: code: , message: A nonrecoverable error occurred. This probably means you have encountered a bug in the system #0 MaharaException->handle_exception() called at [/vagrant/www/maharadev/mahara/lib/errors.php:465] #1 exception(MaharaException Object ([] => 1,[] => Encrypted payload is not a valid XML document,[] => ,[] => 6002,[] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[] => 932,[] => Array ([0] => Array ([file] => /vagrant/www/maharadev/mahara/api/xmlrpc/lib.php,[line] => 921,[function] => parse_payload,[args] => Array ([0] =>

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1422837/+subscriptions