[php-maint] Bug#518971: libapache2-mod-php5: wddx_unserialize / wddx_deserialize strips HTML entities

mnc at sp03.firmseek.com mnc at sp03.firmseek.com
Mon Mar 9 17:47:17 UTC 2009 

Package: libapache2-mod-php5
Version: 5.2.6.dfsg.1-1+lenny2
Severity: normal

This problem seems to be unique to the build of PHP that came with this
update. It doesn't occur on my own 5.2.6 builds or on the 5.2.0-8+etch13 I
have running elsewhere.

Simple test case:

<?php
  $str = '<p>Hello, "Sammy."</p>';
  $packet = wddx_packet_start();
  wddx_add_vars($packet, 'str');
  $serialized = wddx_packet_end($packet);
  $unserialized = wddx_deserialize($serialized);
  var_dump($unserialized);
?>

If the output has the angle brackets and quotes stripped out, then you
are experiencing the bug. wddx_packet_end() is substituting HTML entities in
place of those characters - which is correct, or at least is what's happened
all along - but then wddx_deserialize is failing to de-entify them, and
instead is discarding them outright.

-- System Information:
Debian Release: squeeze/sid
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'oldstable'), (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-php5 depends on:
ii  apache2-mpm-prefor 2.2.11-2              Apache HTTP Server - traditional n
ii  apache2.2-common   2.2.11-2              Apache HTTP Server common files
ii  libbz2-1.0         1.0.5-1               high-quality block-sorting file co
ii  libc6              2.9-4                 GNU C Library: Shared libraries
ii  libcomerr2         1.41.3-1              common error description library
ii  libdb4.6           4.6.21-13             Berkeley v4.6 Database Libraries [
ii  libkrb53           1.6.dfsg.4~beta1-9    Transitional library package/krb4 
ii  libmagic1          4.26-2                File type determination library us
ii  libpcre3           7.8-2                 Perl 5 Compatible Regular Expressi
ii  libssl0.9.8        0.9.8g-15             SSL shared libraries
ii  libxml2            2.7.3.dfsg-1          GNOME XML library
ii  mime-support       3.44-1                MIME files 'mime.types' & 'mailcap
ii  php5-common        5.2.6.dfsg.1-1+lenny2 Common files for packages built fr
ii  tzdata             2009b-1               time zone and daylight-saving time
ii  ucf                3.0016                Update Configuration File: preserv
ii  zlib1g             1:1.2.3.3.dfsg-13     compression library - runtime

libapache2-mod-php5 recommends no packages.

Versions of packages libapache2-mod-php5 suggests:
ii  php-pear           5.2.6.dfsg.1-1+lenny2 PEAR - PHP Extension and Applicati

-- no debconf information

More information about the pkg-php-maint mailing list