Loading ...
Sorry, an error occurred while loading the content.

die with "<" character throws no SOAP error

Expand Messages
  • hct092003
    my server has the following code in a function that is called via SOAP: die( access denied ); but this throws no SOAP fault. Instead I get 500
    Message 1 of 6 , Oct 16, 2003
    • 0 Attachment
      my server has the following code in a function that is called via SOAP:

      die("access denied < FOO >");

      but this throws no SOAP fault. Instead I get
      "500 Internal Server Error at MyMod.pm line 13" on client side.

      After adding some debug to SOAP::Lite.pm I found the following error
      message on the client side:

      not well-formed (invalid token) at line 1, column 438, byte 438 at
      /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/XML/Parser.pm
      line 185

      It looks like the "<" character really annoys the XML Parser but
      should SOAP not take care of that kind of characters? If I remove the
      "<" and ">" all works fine and I get the SOAP fault like expected.
      Is this a SOAP::Lite Bug?
    • Duncan Cameron
      ... From: hct092003 To: Sent: Thursday, October 16, 2003 9:14 AM Subject: [soaplite] die with
      Message 2 of 6 , Oct 17, 2003
      • 0 Attachment
        ----- Original Message -----
        From: "hct092003" <aka_hct@...>
        To: <soaplite@yahoogroups.com>
        Sent: Thursday, October 16, 2003 9:14 AM
        Subject: [soaplite] die with "<" character throws no SOAP error


        > my server has the following code in a function that is called via
        SOAP:
        >
        > die("access denied < FOO >");
        >
        > but this throws no SOAP fault. Instead I get
        > "500 Internal Server Error at MyMod.pm line 13" on client side.
        >
        > After adding some debug to SOAP::Lite.pm I found the following error
        > message on the client side:
        >
        > not well-formed (invalid token) at line 1, column 438, byte 438 at
        > /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/XML/Parser.pm
        > line 185
        >
        > It looks like the "<" character really annoys the XML Parser but
        > should SOAP not take care of that kind of characters? If I remove the
        > "<" and ">" all works fine and I get the SOAP fault like expected.
        > Is this a SOAP::Lite Bug?

        Yes SOAP::Lite should take care of that, and it probably is a bug.
        I have looked at the source code but this stuff is so fiendishly
        convoluted that I can't see where the fault value needs to be escaped.
        As a temporary fix you could escape the special characters yourself.
        This is the code that is used internally

        my %encode_data = ('&' => '&', '<' => '<', "\xd" => ' ');
        sub encode_data {
        (my $e = $_[0]) =~ s/([&<\015])/$encode_data{$1}/g;
        $e =~ s/\]\]>/\]\]>/g;
        $e
        }

        Duncan
      • hct092003
        wrote: thanky for your reply. ... I digged by myself a little bit and added this mini patch at SOAP:Lite in Line 1197 (version 0.60, sub
        Message 3 of 6 , Oct 17, 2003
        • 0 Attachment
          <duncan_cameron2002> wrote:

          thanky for your reply.

          > Yes SOAP::Lite should take care of that, and it probably is a bug.
          > I have looked at the source code but this stuff is so fiendishly
          > convoluted that I can't see where the fault value needs to be escaped.

          I digged by myself a little bit and added this mini patch at SOAP:Lite
          in Line 1197 (version 0.60, "sub envelope" )

          } elsif ($type eq 'fault') {
          SOAP::Trace::fault(@parameters);
          #now my patch
          $parameters[1]=SOAP::Utils::encode_data($parameters[1]);
          # patch done
          $body = SOAP::Data
          [...]


          this works pretty well for me but I can't see nasty sideeffects
          because I have nearly no experiences with SOAP at the moment.
          I would be very happy if some SOAP Lite guru here could comment this
          patch and why it's good or bad.

          > As a temporary fix you could escape the special characters yourself.
          > This is the code that is used internally
          >
          > my %encode_data = ('&' => '&', '<' => '<', "\xd" => ' ');
          > sub encode_data {
          > (my $e = $_[0]) =~ s/([&<\015])/$encode_data{$1}/g;
          > $e =~ s/\]\]>/\]\]>/g;
          > $e
          > }

          yes, this might work but sometimes perl dies with "MY DIE MESSAGE at
          myMOD.pm line 13, <DATA> line 283.".
          The "<DATA> line 283." part comes from perl itself and is not written
          by me, so I can't encode that part of string.
        • Byrne Reese
          So I started work on adding this patch and so far have been unable to reproduce it ... which is weird obviously. I am running perl 5.8.0 and SOAP::Lite 0.60. I
          Message 4 of 6 , Oct 19, 2003
          • 0 Attachment
            So I started work on adding this patch and so far have been unable to
            reproduce it ... which is weird obviously.

            I am running perl 5.8.0 and SOAP::Lite 0.60. I am in the process of
            upgrading to the latest perl modules that S::L depends upon. I will let
            you know my progress.

            On Fri, 2003-10-17 at 05:03, hct092003 wrote:
            > <duncan_cameron2002> wrote:
            >
            > thanky for your reply.
            >
            > > Yes SOAP::Lite should take care of that, and it probably is a bug.
            > > I have looked at the source code but this stuff is so fiendishly
            > > convoluted that I can't see where the fault value needs to be
            > escaped.
            >
            > I digged by myself a little bit and added this mini patch at SOAP:Lite
            > in Line 1197 (version 0.60, "sub envelope" )
            >
            > } elsif ($type eq 'fault') {
            > SOAP::Trace::fault(@parameters);
            > #now my patch
            > $parameters[1]=SOAP::Utils::encode_data($parameters[1]);
            > # patch done
            > $body = SOAP::Data
            > [...]
            >
            >
            > this works pretty well for me but I can't see nasty sideeffects
            > because I have nearly no experiences with SOAP at the moment.
            > I would be very happy if some SOAP Lite guru here could comment this
            > patch and why it's good or bad.
            >
            > > As a temporary fix you could escape the special characters yourself.
            > > This is the code that is used internally
            > >
            > > my %encode_data = ('&' => '&', '<' => '<', "\xd" => ' ');
            > > sub encode_data {
            > > (my $e = $_[0]) =~ s/([&<\015])/$encode_data{$1}/g;
            > > $e =~ s/\]\]>/\]\]>/g;
            > > $e
            > > }
            >
            > yes, this might work but sometimes perl dies with "MY DIE MESSAGE at
            > myMOD.pm line 13, <DATA> line 283.".
            > The "<DATA> line 283." part comes from perl itself and is not written
            > by me, so I can't encode that part of string.
            >
            >
            >
            >
            > Yahoo! Groups Sponsor
            > ADVERTISEMENT
            > Click Here!
            >
            > To unsubscribe from this group, send an email to:
            > soaplite-unsubscribe@yahoogroups.com
            >
            >
            >
            > Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
            --
            Byrne Reese <byrne@...>
          • Byrne Reese
            Ok... the fact that my parser does not choke is weird in and of itself because SOAP::Lite is not escaping the variables properly as you discovered.
            Message 5 of 6 , Oct 19, 2003
            • 0 Attachment
              Ok... the fact that my parser does not choke is weird in and of itself
              because SOAP::Lite is not escaping the variables properly as you
              discovered. Furthermore, the encoder does not escape the '>' character.
              So I made a couple of changes and am in the process of checking in the
              code now. It will go out in the next release. Thank you for catching
              this!!

              Sincerely,
              The SOAP::Lite Development Team

              On Sun, 2003-10-19 at 17:55, Byrne Reese wrote:
              > So I started work on adding this patch and so far have been unable to
              > reproduce it ... which is weird obviously.
              >
              > I am running perl 5.8.0 and SOAP::Lite 0.60. I am in the process of
              > upgrading to the latest perl modules that S::L depends upon. I will
              > let
              > you know my progress.
              >
              > On Fri, 2003-10-17 at 05:03, hct092003 wrote:
              > > <duncan_cameron2002> wrote:
              > >
              > > thanky for your reply.
              > >
              > > > Yes SOAP::Lite should take care of that, and it probably is a bug.
              > > > I have looked at the source code but this stuff is so fiendishly
              > > > convoluted that I can't see where the fault value needs to be
              > > escaped.
              > >
              > > I digged by myself a little bit and added this mini patch at
              > SOAP:Lite
              > > in Line 1197 (version 0.60, "sub envelope" )
              > >
              > > } elsif ($type eq 'fault') {
              > > SOAP::Trace::fault(@parameters);
              > > #now my patch
              > > $parameters[1]=SOAP::Utils::encode_data($parameters[1]);
              > > # patch done
              > > $body = SOAP::Data
              > > [...]
              > >
              > >
              > > this works pretty well for me but I can't see nasty sideeffects
              > > because I have nearly no experiences with SOAP at the moment.
              > > I would be very happy if some SOAP Lite guru here could comment this
              > > patch and why it's good or bad.
              > >
              > > > As a temporary fix you could escape the special characters
              > yourself.
              > > > This is the code that is used internally
              > > >
              > > > my %encode_data = ('&' => '&', '<' => '<', "\xd" =>
              > ' ');
              > > > sub encode_data {
              > > > (my $e = $_[0]) =~ s/([&<\015])/$encode_data{$1}/g;
              > > > $e =~ s/\]\]>/\]\]>/g;
              > > > $e
              > > > }
              > >
              > > yes, this might work but sometimes perl dies with "MY DIE MESSAGE at
              > > myMOD.pm line 13, <DATA> line 283.".
              > > The "<DATA> line 283." part comes from perl itself and is not
              > written
              > > by me, so I can't encode that part of string.
              > >
              > >
              > >
              > >
              > > Yahoo! Groups Sponsor
              > > ADVERTISEMENT
              > > Click Here!
              > >
              > > To unsubscribe from this group, send an email to:
              > > soaplite-unsubscribe@yahoogroups.com
              > >
              > >
              > >
              > > Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
              > --
              > Byrne Reese <byrne@...>
              >
              >
              > Yahoo! Groups Sponsor
              > ADVERTISEMENT
              > Click Here!
              >
              > To unsubscribe from this group, send an email to:
              > soaplite-unsubscribe@yahoogroups.com
              >
              >
              >
              > Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
              --
              Byrne Reese <byrne@...>
            • hct092003
              ... great. Thanks for taking care. -- Uwe Gansert - ug_at_suse.de
              Message 6 of 6 , Oct 20, 2003
              • 0 Attachment
                --- In soaplite@yahoogroups.com, Byrne Reese <byrne@m...> wrote:

                > It will go out in the next release.
                > Thank you for catching this!!
                >
                > Sincerely,
                > The SOAP::Lite Development Team

                great. Thanks for taking care.


                --
                Uwe Gansert - ug_at_suse.de
              Your message has been successfully submitted and would be delivered to recipients shortly.