[php-maint] Bug#883747: php7.0-xmlrpc: Wrong numeric entities convertion in xmlrpc_encode_request

Mathieu Petit-Clair mathieu at temlaz.ws
Thu Dec 7 06:26:15 UTC 2017 

Package: php7.0-xmlrpc
Version: 7.0.26-1
Severity: normal

Dear Maintainer,

There is bug in the xmlrpc extension, when calling xmlrpc_encode() with
a range of characters.

To reproduce using php -a :

echo xmlrpc_encode('Π');

Result in sid:

<?xml version="1.0" encoding="utf-8"?>
<params>
<param>
 <value>
  <string> </string>
 </value>
</param>
</params>

Expected:

The value in <string>...</string> should be Π (note the extra
zero).

The good value can also be found on http://graphemica.com/%CE%A0 as the
"URL Escape Code", as seen in this URL and by
converting 206 to 0xCE and 160 to 0xA0.

We got the expected result by compiling PHP ourselves, which makes this
look like a Debian specific bug.

PHP bug 28597 - https://bugs.php.net/bug.php?id=28597 - provides a
solution to this issue, but does not appear to prevent it in this case.

Thanks for your help,


-- Package-specific info:
==== Additional PHP 7.0 information ====

++++ PHP @PHP_VERSION SAPI (php7.0query -S): ++++

++++ PHP 7.0 Extensions (php7.0query -M -v): ++++

++++ Configuration files: ++++
**** /etc/php/7.0/mods-available/xmlrpc.ini ****
extension=xmlrpc.so


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr:en_GB (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages php7.0-xmlrpc depends on:
ii  libc6           2.25-3
ii  libxml2         2.9.4+dfsg1-5.1
ii  libxmlrpc-epi0  0.54.2-1.2
ii  php-common      1:56
ii  php7.0-common   7.0.26-1
ii  ucf             3.0036

php7.0-xmlrpc recommends no packages.

php7.0-xmlrpc suggests no packages.

Versions of packages php7.0-common depends on:
ii  libc6       2.25-3
ii  libssl1.1   1.1.0g-2
ii  php-common  1:56
ii  ucf         3.0036

Versions of packages php7.0-cli depends on:
ii  libc6            2.25-3
ii  libedit2         3.1-20170329-1
ii  libmagic1        1:5.32-1
ii  libpcre3         2:8.39-8
ii  libssl1.1        1.1.0g-2
ii  libxml2          2.9.4+dfsg1-5.1
ii  mime-support     3.60
ii  php7.0-common    7.0.26-1
ii  php7.0-json      7.0.26-1
ii  php7.0-opcache   7.0.26-1
ii  php7.0-readline  7.0.26-1
ii  tzdata           2017c-1
ii  ucf              3.0036
ii  zlib1g           1:1.2.8.dfsg-5

Versions of packages php7.0-cli suggests:
ii  php-pear  1:1.10.5+submodules+notgz-1

Versions of packages libapache2-mod-php7.0 depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.29-1
ii  libc6                               2.25-3
ii  libmagic1                           1:5.32-1
ii  libpcre3                            2:8.39-8
ii  libssl1.1                           1.1.0g-2
ii  libxml2                             2.9.4+dfsg1-5.1
ii  mime-support                        3.60
ii  php7.0-cli                          7.0.26-1
ii  php7.0-common                       7.0.26-1
ii  php7.0-json                         7.0.26-1
ii  php7.0-opcache                      7.0.26-1
ii  tzdata                              2017c-1
ii  ucf                                 3.0036
ii  zlib1g                              1:1.2.8.dfsg-5

Versions of packages libapache2-mod-php7.0 recommends:
ii  apache2  2.4.29-1

Versions of packages libapache2-mod-php7.0 suggests:
ii  php-pear  1:1.10.5+submodules+notgz-1

-- no debconf information

More information about the pkg-php-maint mailing list