Loading ...
Sorry, an error occurred while loading the content.
 

Re: [soaplite] die with "<" character throws no SOAP error

Expand Messages
  • Duncan Cameron
    ... From: hct092003 To: Sent: Thursday, October 16, 2003 9:14 AM Subject: [soaplite] die with
    Message 1 of 6 , Oct 17, 2003
      ----- Original Message -----
      From: "hct092003" <aka_hct@...>
      To: <soaplite@yahoogroups.com>
      Sent: Thursday, October 16, 2003 9:14 AM
      Subject: [soaplite] die with "<" character throws no SOAP error


      > my server has the following code in a function that is called via
      SOAP:
      >
      > die("access denied < FOO >");
      >
      > but this throws no SOAP fault. Instead I get
      > "500 Internal Server Error at MyMod.pm line 13" on client side.
      >
      > After adding some debug to SOAP::Lite.pm I found the following error
      > message on the client side:
      >
      > not well-formed (invalid token) at line 1, column 438, byte 438 at
      > /usr/lib/perl5/vendor_perl/5.8.1/i586-linux-thread-multi/XML/Parser.pm
      > line 185
      >
      > It looks like the "<" character really annoys the XML Parser but
      > should SOAP not take care of that kind of characters? If I remove the
      > "<" and ">" all works fine and I get the SOAP fault like expected.
      > Is this a SOAP::Lite Bug?

      Yes SOAP::Lite should take care of that, and it probably is a bug.
      I have looked at the source code but this stuff is so fiendishly
      convoluted that I can't see where the fault value needs to be escaped.
      As a temporary fix you could escape the special characters yourself.
      This is the code that is used internally

      my %encode_data = ('&' => '&', '<' => '<', "\xd" => ' ');
      sub encode_data {
      (my $e = $_[0]) =~ s/([&<\015])/$encode_data{$1}/g;
      $e =~ s/\]\]>/\]\]>/g;
      $e
      }

      Duncan
    • hct092003
      wrote: thanky for your reply. ... I digged by myself a little bit and added this mini patch at SOAP:Lite in Line 1197 (version 0.60, sub
      Message 2 of 6 , Oct 17, 2003
        <duncan_cameron2002> wrote:

        thanky for your reply.

        > Yes SOAP::Lite should take care of that, and it probably is a bug.
        > I have looked at the source code but this stuff is so fiendishly
        > convoluted that I can't see where the fault value needs to be escaped.

        I digged by myself a little bit and added this mini patch at SOAP:Lite
        in Line 1197 (version 0.60, "sub envelope" )

        } elsif ($type eq 'fault') {
        SOAP::Trace::fault(@parameters);
        #now my patch
        $parameters[1]=SOAP::Utils::encode_data($parameters[1]);
        # patch done
        $body = SOAP::Data
        [...]


        this works pretty well for me but I can't see nasty sideeffects
        because I have nearly no experiences with SOAP at the moment.
        I would be very happy if some SOAP Lite guru here could comment this
        patch and why it's good or bad.

        > As a temporary fix you could escape the special characters yourself.
        > This is the code that is used internally
        >
        > my %encode_data = ('&' => '&', '<' => '<', "\xd" => ' ');
        > sub encode_data {
        > (my $e = $_[0]) =~ s/([&<\015])/$encode_data{$1}/g;
        > $e =~ s/\]\]>/\]\]>/g;
        > $e
        > }

        yes, this might work but sometimes perl dies with "MY DIE MESSAGE at
        myMOD.pm line 13, <DATA> line 283.".
        The "<DATA> line 283." part comes from perl itself and is not written
        by me, so I can't encode that part of string.
      • Byrne Reese
        So I started work on adding this patch and so far have been unable to reproduce it ... which is weird obviously. I am running perl 5.8.0 and SOAP::Lite 0.60. I
        Message 3 of 6 , Oct 19, 2003
          So I started work on adding this patch and so far have been unable to
          reproduce it ... which is weird obviously.

          I am running perl 5.8.0 and SOAP::Lite 0.60. I am in the process of
          upgrading to the latest perl modules that S::L depends upon. I will let
          you know my progress.

          On Fri, 2003-10-17 at 05:03, hct092003 wrote:
          > <duncan_cameron2002> wrote:
          >
          > thanky for your reply.
          >
          > > Yes SOAP::Lite should take care of that, and it probably is a bug.
          > > I have looked at the source code but this stuff is so fiendishly
          > > convoluted that I can't see where the fault value needs to be
          > escaped.
          >
          > I digged by myself a little bit and added this mini patch at SOAP:Lite
          > in Line 1197 (version 0.60, "sub envelope" )
          >
          > } elsif ($type eq 'fault') {
          > SOAP::Trace::fault(@parameters);
          > #now my patch
          > $parameters[1]=SOAP::Utils::encode_data($parameters[1]);
          > # patch done
          > $body = SOAP::Data
          > [...]
          >
          >
          > this works pretty well for me but I can't see nasty sideeffects
          > because I have nearly no experiences with SOAP at the moment.
          > I would be very happy if some SOAP Lite guru here could comment this
          > patch and why it's good or bad.
          >
          > > As a temporary fix you could escape the special characters yourself.
          > > This is the code that is used internally
          > >
          > > my %encode_data = ('&' => '&', '<' => '<', "\xd" => ' ');
          > > sub encode_data {
          > > (my $e = $_[0]) =~ s/([&<\015])/$encode_data{$1}/g;
          > > $e =~ s/\]\]>/\]\]>/g;
          > > $e
          > > }
          >
          > yes, this might work but sometimes perl dies with "MY DIE MESSAGE at
          > myMOD.pm line 13, <DATA> line 283.".
          > The "<DATA> line 283." part comes from perl itself and is not written
          > by me, so I can't encode that part of string.
          >
          >
          >
          >
          > Yahoo! Groups Sponsor
          > ADVERTISEMENT
          > Click Here!
          >
          > To unsubscribe from this group, send an email to:
          > soaplite-unsubscribe@yahoogroups.com
          >
          >
          >
          > Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
          --
          Byrne Reese <byrne@...>
        • Byrne Reese
          Ok... the fact that my parser does not choke is weird in and of itself because SOAP::Lite is not escaping the variables properly as you discovered.
          Message 4 of 6 , Oct 19, 2003
            Ok... the fact that my parser does not choke is weird in and of itself
            because SOAP::Lite is not escaping the variables properly as you
            discovered. Furthermore, the encoder does not escape the '>' character.
            So I made a couple of changes and am in the process of checking in the
            code now. It will go out in the next release. Thank you for catching
            this!!

            Sincerely,
            The SOAP::Lite Development Team

            On Sun, 2003-10-19 at 17:55, Byrne Reese wrote:
            > So I started work on adding this patch and so far have been unable to
            > reproduce it ... which is weird obviously.
            >
            > I am running perl 5.8.0 and SOAP::Lite 0.60. I am in the process of
            > upgrading to the latest perl modules that S::L depends upon. I will
            > let
            > you know my progress.
            >
            > On Fri, 2003-10-17 at 05:03, hct092003 wrote:
            > > <duncan_cameron2002> wrote:
            > >
            > > thanky for your reply.
            > >
            > > > Yes SOAP::Lite should take care of that, and it probably is a bug.
            > > > I have looked at the source code but this stuff is so fiendishly
            > > > convoluted that I can't see where the fault value needs to be
            > > escaped.
            > >
            > > I digged by myself a little bit and added this mini patch at
            > SOAP:Lite
            > > in Line 1197 (version 0.60, "sub envelope" )
            > >
            > > } elsif ($type eq 'fault') {
            > > SOAP::Trace::fault(@parameters);
            > > #now my patch
            > > $parameters[1]=SOAP::Utils::encode_data($parameters[1]);
            > > # patch done
            > > $body = SOAP::Data
            > > [...]
            > >
            > >
            > > this works pretty well for me but I can't see nasty sideeffects
            > > because I have nearly no experiences with SOAP at the moment.
            > > I would be very happy if some SOAP Lite guru here could comment this
            > > patch and why it's good or bad.
            > >
            > > > As a temporary fix you could escape the special characters
            > yourself.
            > > > This is the code that is used internally
            > > >
            > > > my %encode_data = ('&' => '&', '<' => '<', "\xd" =>
            > ' ');
            > > > sub encode_data {
            > > > (my $e = $_[0]) =~ s/([&<\015])/$encode_data{$1}/g;
            > > > $e =~ s/\]\]>/\]\]>/g;
            > > > $e
            > > > }
            > >
            > > yes, this might work but sometimes perl dies with "MY DIE MESSAGE at
            > > myMOD.pm line 13, <DATA> line 283.".
            > > The "<DATA> line 283." part comes from perl itself and is not
            > written
            > > by me, so I can't encode that part of string.
            > >
            > >
            > >
            > >
            > > Yahoo! Groups Sponsor
            > > ADVERTISEMENT
            > > Click Here!
            > >
            > > To unsubscribe from this group, send an email to:
            > > soaplite-unsubscribe@yahoogroups.com
            > >
            > >
            > >
            > > Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
            > --
            > Byrne Reese <byrne@...>
            >
            >
            > Yahoo! Groups Sponsor
            > ADVERTISEMENT
            > Click Here!
            >
            > To unsubscribe from this group, send an email to:
            > soaplite-unsubscribe@yahoogroups.com
            >
            >
            >
            > Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
            --
            Byrne Reese <byrne@...>
          • hct092003
            ... great. Thanks for taking care. -- Uwe Gansert - ug_at_suse.de
            Message 5 of 6 , Oct 20, 2003
              --- In soaplite@yahoogroups.com, Byrne Reese <byrne@m...> wrote:

              > It will go out in the next release.
              > Thank you for catching this!!
              >
              > Sincerely,
              > The SOAP::Lite Development Team

              great. Thanks for taking care.


              --
              Uwe Gansert - ug_at_suse.de
            Your message has been successfully submitted and would be delivered to recipients shortly.