Suppress PHP warnings/notices during AtomPub XML parsing to avoid HTTP header problems when given bad input.

If display_errors is on, typical settings would cause PHP error messages to spew to output before the HTTP headers for setting a 400 error go through.
Also switched from deprecated static DOMDocument::loadXML() to non-static call.
This commit is contained in:
Brion Vibber 2011-03-15 10:09:20 -07:00
parent 7f4a9c4145
commit 9e9cbdf505

View File

@ -322,8 +322,11 @@ class ApiTimelineUserAction extends ApiBareAuthAction
$this->clientError(_('Atom post must not be empty.')); $this->clientError(_('Atom post must not be empty.'));
} }
$dom = DOMDocument::loadXML($xml); $old = error_reporting(error_reporting() & ~(E_WARNING | E_NOTICE));
if (!$dom) { $dom = new DOMDocument();
$ok = $dom->loadXML($xml);
error_reporting($old);
if (!$ok) {
// TRANS: Client error displayed attempting to post an API that is not well-formed XML. // TRANS: Client error displayed attempting to post an API that is not well-formed XML.
$this->clientError(_('Atom post must be well-formed XML.')); $this->clientError(_('Atom post must be well-formed XML.'));
} }