Skip to content

Allow loading big xml files with XmlEncoder #17956

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Allow loading big xml files with XmlEncoder #17956

wants to merge 1 commit into from

Conversation

rvanlaak
Copy link
Contributor

Q A
Branch 2.7+
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets
License MIT
Doc PR

Also see #16873 where this was fixed for the DomCrawler component.

dunglas
dunglas reviewed Feb 29, 2016
View reviewed changes
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
@@ -81,7 +81,7 @@ public function decode($data, $format, array $context = array())
libxml_clear_errors();

$dom = new \DOMDocument();
$dom->loadXML($data, LIBXML_NONET | LIBXML_NOBLANKS);
$dom->loadXML($data, LIBXML_NONET | LIBXML_NOBLANKS | (defined('LIBXML_PARSEHUGE') ? LIBXML_PARSEHUGE : 0));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This constant always exists because Symfony requires PHP >= 5.3.3. You can remove the test.

@dunglas
Copy link
Member

dunglas commented Feb 29, 2016

WDYT about keeping limits on by default but making options configurable using the $context argument?

@fabpot
Copy link
Member

fabpot commented Mar 1, 2016

@dunglas The real question is why someone would want to disable/enable this behavior?

@dunglas
Copy link
Member

dunglas commented Mar 1, 2016

If it's safe and performant, why it is not enabled by default in PHP/libxml? Real question, I've no idea of the history behind this flag.

@rvanlaak
Copy link
Contributor Author

rvanlaak commented Mar 1, 2016

The reason why it isn't set by default is discussed in this blogpost: http://symfony.com/blog/security-release-symfony-2-0-17-released

Making it configurable is okay with me, as long as I can configure it before the RestBundle its BodyListener kicks in. See #16873 (comment)

The RestBundle is required via one of my other dependencies, so we can not get rid of it ;-)

@fabpot
Copy link
Member

fabpot commented Mar 2, 2016

We should make this configurable and not hardcoded. The merging of #16873 was a mistake. We're going to submit a new PR to remove it and make it configurable as well. The intention to use this flag should be done by the developer.

@nicolas-grekas nicolas-grekas mentioned this pull request Mar 2, 2016
Merged
@fabpot
Copy link
Member

fabpot commented Mar 2, 2016

See #17986

fabpot added a commit that referenced this pull request Mar 2, 2016
@fabpot
bug #17986 [DomCrawler] Dont use LIBXML_PARSEHUGE by default (nicolas…
5b577dd 
…-grekas)

This PR was merged into the 2.3 branch.

Discussion
----------

[DomCrawler] Dont use LIBXML_PARSEHUGE by default

| Q             | A
| ------------- | ---
| Branch        | 2.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | no
| Fixed tickets | #16873, #17956
| License       | MIT
| Doc PR        | -

Because of http://symfony.com/blog/security-release-symfony-2-0-17-released

Commits
-------

fda32f8 [DomCrawler] Dont use LIBXML_PARSEHUGE by default
@rvanlaak
Copy link
Contributor Author

rvanlaak commented Mar 2, 2016

👍 on making it configurable. How can we make sure this is configurable in userland for the RestBundle::BodyListener? We actually even would like to have this configured for only one of our routes.

@nicolas-grekas
Copy link
Member

@rvanlaak you're asking for a new feature, I think we should close this very PR and I invite you to open a new one against master that would allow setting the flags on XmlEncoder and add some glue to make it configurable in FrameworkBundle (I guess, and if worth it).

@rvanlaak rvanlaak mentioned this pull request Mar 2, 2016
Closed
@rvanlaak
Copy link
Contributor Author

rvanlaak commented Mar 2, 2016

👍 on closing this PR, see #17987

@rvanlaak rvanlaak closed this Mar 2, 2016
@rvanlaak rvanlaak deleted the patch-7 branch March 2, 2016 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@rvanlaak @dunglas @fabpot @nicolas-grekas @carsonbot