Warning promotion: Throw on writing invalid XML tag names

Dik Takken · nikic · commit 6dac6a996e09 · 2020-09-29T16:52:47.000+02:00
This change throws a ValueError when an invalid tag name is passed to XMLWriter. The rationale is that this indicates a programming error because tag names typically originate from string literals or application code generating them. This translates into either a typo or a flaw in tag generation logic. Closes GH-6233.
diff --git a/ext/xmlwriter/php_xmlwriter.c b/ext/xmlwriter/php_xmlwriter.c
@@ -88,10 +88,10 @@ static zend_object *xmlwriter_object_new(zend_class_entry *class_type)
 }
 /* }}} */
 
-#define XMLW_NAME_CHK(__err) \
+#define XMLW_NAME_CHK(__arg_no, __subject) \
 	if (xmlValidateName((xmlChar *) name, 0) != 0) {	\
-		php_error_docref(NULL, E_WARNING, "%s", __err);	\
-		RETURN_FALSE;	\
+		zend_argument_value_error(__arg_no, "must be a valid %s, \"%s\" given", __subject, name);	\
+		RETURN_THROWS();	\
 	}	\
 
 /* {{{ function prototypes */
@@ -199,7 +199,7 @@ static void xmlwriter_objects_clone(void *object, void **object_clone)
 }
 }}} */
 
-static void php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAMETERS, xmlwriter_read_one_char_t internal_function, char *err_string)
+static void php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAMETERS, xmlwriter_read_one_char_t internal_function, char *subject_name)
 {
 	xmlTextWriterPtr ptr;
 	char *name;
@@ -212,8 +212,8 @@ static void php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAMETERS, xmlwriter_rea
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	if (err_string != NULL) {
-		XMLW_NAME_CHK(err_string);
+	if (subject_name != NULL) {
+		XMLW_NAME_CHK(2, subject_name);
 	}
 
 	if (ptr) {
@@ -281,7 +281,7 @@ PHP_FUNCTION(xmlwriter_set_indent_string)
 /* {{{ Create start attribute - returns FALSE on error */
 PHP_FUNCTION(xmlwriter_start_attribute)
 {
-	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartAttribute, "Invalid Attribute Name");
+	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartAttribute, "attribute name");
 }
 /* }}} */
 
@@ -307,7 +307,7 @@ PHP_FUNCTION(xmlwriter_start_attribute_ns)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Attribute Name");
+	XMLW_NAME_CHK(3, "attribute name");
 
 	if (ptr) {
 		retval = xmlTextWriterStartAttributeNS(ptr, (xmlChar *)prefix, (xmlChar *)name, (xmlChar *)uri);
@@ -335,7 +335,7 @@ PHP_FUNCTION(xmlwriter_write_attribute)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Attribute Name");
+	XMLW_NAME_CHK(2, "attribute name");
 
 	if (ptr) {
 		retval = xmlTextWriterWriteAttribute(ptr, (xmlChar *)name, (xmlChar *)content);
@@ -363,7 +363,7 @@ PHP_FUNCTION(xmlwriter_write_attribute_ns)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Attribute Name");
+	XMLW_NAME_CHK(3, "attribute name");
 
 	if (ptr) {
 		retval = xmlTextWriterWriteAttributeNS(ptr, (xmlChar *)prefix, (xmlChar *)name, (xmlChar *)uri, (xmlChar *)content);
@@ -379,7 +379,7 @@ PHP_FUNCTION(xmlwriter_write_attribute_ns)
 /* {{{ Create start element tag - returns FALSE on error */
 PHP_FUNCTION(xmlwriter_start_element)
 {
-	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartElement, "Invalid Element Name");
+	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartElement, "element name");
 }
 /* }}} */
 
@@ -398,7 +398,7 @@ PHP_FUNCTION(xmlwriter_start_element_ns)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Element Name");
+	XMLW_NAME_CHK(3, "element name");
 
 	if (ptr) {
 		retval = xmlTextWriterStartElementNS(ptr, (xmlChar *)prefix, (xmlChar *)name, (xmlChar *)uri);
@@ -441,7 +441,7 @@ PHP_FUNCTION(xmlwriter_write_element)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Element Name");
+	XMLW_NAME_CHK(2, "element name");
 
 	if (ptr) {
 		if (!content) {
@@ -480,7 +480,7 @@ PHP_FUNCTION(xmlwriter_write_element_ns)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Element Name");
+	XMLW_NAME_CHK(3, "element name");
 
 	if (ptr) {
 		if (!content) {
@@ -507,7 +507,7 @@ PHP_FUNCTION(xmlwriter_write_element_ns)
 /* {{{ Create start PI tag - returns FALSE on error */
 PHP_FUNCTION(xmlwriter_start_pi)
 {
-	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartPI, "Invalid PI Target");
+	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartPI, "PI target");
 }
 /* }}} */
 
@@ -533,7 +533,7 @@ PHP_FUNCTION(xmlwriter_write_pi)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid PI Target");
+	XMLW_NAME_CHK(2, "PI target");
 
 	if (ptr) {
 		retval = xmlTextWriterWritePI(ptr, (xmlChar *)name, (xmlChar *)content);
@@ -726,7 +726,7 @@ PHP_FUNCTION(xmlwriter_write_dtd)
 /* {{{ Create start DTD element - returns FALSE on error */
 PHP_FUNCTION(xmlwriter_start_dtd_element)
 {
-	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartDTDElement, "Invalid Element Name");
+	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartDTDElement, "element name");
 }
 /* }}} */
 
@@ -752,7 +752,7 @@ PHP_FUNCTION(xmlwriter_write_dtd_element)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Element Name");
+	XMLW_NAME_CHK(2, "element name");
 
 	if (ptr) {
 		retval = xmlTextWriterWriteDTDElement(ptr, (xmlChar *)name, (xmlChar *)content);
@@ -768,7 +768,7 @@ PHP_FUNCTION(xmlwriter_write_dtd_element)
 /* {{{ Create start DTD AttList - returns FALSE on error */
 PHP_FUNCTION(xmlwriter_start_dtd_attlist)
 {
-	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartDTDAttlist, "Invalid Element Name");
+	php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartDTDAttlist, "element name");
 }
 /* }}} */
 
@@ -794,7 +794,7 @@ PHP_FUNCTION(xmlwriter_write_dtd_attlist)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Element Name");
+	XMLW_NAME_CHK(2, "element name");
 
 	if (ptr) {
 		retval = xmlTextWriterWriteDTDAttlist(ptr, (xmlChar *)name, (xmlChar *)content);
@@ -822,7 +822,7 @@ PHP_FUNCTION(xmlwriter_start_dtd_entity)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Attribute Name");
+	XMLW_NAME_CHK(2, "attribute name");
 
 	if (ptr) {
 		retval = xmlTextWriterStartDTDEntity(ptr, isparm, (xmlChar *)name);
@@ -862,7 +862,7 @@ PHP_FUNCTION(xmlwriter_write_dtd_entity)
 	}
 	XMLWRITER_FROM_OBJECT(ptr, self);
 
-	XMLW_NAME_CHK("Invalid Element Name");
+	XMLW_NAME_CHK(2, "element name");
 
 	if (ptr) {
 		retval = xmlTextWriterWriteDTDEntity(ptr, pe, (xmlChar *)name, (xmlChar *)pubid, (xmlChar *)sysid, (xmlChar *)ndataid, (xmlChar *)content);
diff --git a/ext/xmlwriter/tests/010.phpt b/ext/xmlwriter/tests/010.phpt
@@ -14,12 +14,27 @@ $xw = xmlwriter_open_uri($file);
 var_dump(xmlwriter_start_element($xw, "tag"));
 var_dump(xmlwriter_start_attribute($xw, "attr"));
 var_dump(xmlwriter_end_attribute($xw));
-var_dump(xmlwriter_start_attribute($xw, "-1"));
+
+try {
+    xmlwriter_start_attribute($xw, "-1");
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
 var_dump(xmlwriter_end_attribute($xw));
-var_dump(xmlwriter_start_attribute($xw, "\""));
+
+try {
+    xmlwriter_start_attribute($xw, "\"");
+} catch (ValueError $e) {
+     echo $e->getMessage(), "\n";
+}
+
 var_dump(xmlwriter_end_attribute($xw));
 var_dump(xmlwriter_end_element($xw));
 
+// Force to write and empty the buffer
+xmlwriter_flush($xw, empty: true);
+
 unset($xw);
 
 var_dump(file_get_contents($file));
@@ -32,13 +47,9 @@ echo "Done\n";
 bool(true)
 bool(true)
 bool(true)
-
-Warning: xmlwriter_start_attribute(): Invalid Attribute Name in %s on line %d
-bool(false)
-bool(false)
-
-Warning: xmlwriter_start_attribute(): Invalid Attribute Name in %s on line %d
+xmlwriter_start_attribute(): Argument #2 ($name) must be a valid attribute name, "-1" given
 bool(false)
+xmlwriter_start_attribute(): Argument #2 ($name) must be a valid attribute name, """ given
 bool(false)
 bool(true)
 string(14) "<tag attr=""/>"

Original file line number	Diff line number	Diff line change
`@@ -88,10 +88,10 @@ static zend_object xmlwriter_object_new(zend_class_entry class_type)`
`88`	`88`	`}`
`89`	`89`	`/* }}} */`
`90`	`90`
`91`		`-#define XMLW_NAME_CHK(__err) \`
	`91`	`+#define XMLW_NAME_CHK(__arg_no, __subject) \`
`92`	`92`	`if (xmlValidateName((xmlChar *) name, 0) != 0) { \`
`93`		`- php_error_docref(NULL, E_WARNING, "%s", __err); \`
`94`		`- RETURN_FALSE; \`
	`93`	`+ zend_argument_value_error(__arg_no, "must be a valid %s, \"%s\" given", __subject, name); \`
	`94`	`+ RETURN_THROWS(); \`
`95`	`95`	`} \`
`96`	`96`
`97`	`97`	`/* {{{ function prototypes */`
`@@ -199,7 +199,7 @@ static void xmlwriter_objects_clone(void object, void *object_clone)`
`199`	`199`	`}`
`200`	`200`	`}}} */`
`201`	`201`
`202`		`-static void php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAMETERS, xmlwriter_read_one_char_t internal_function, char *err_string)`
	`202`	`+static void php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAMETERS, xmlwriter_read_one_char_t internal_function, char *subject_name)`
`203`	`203`	`{`
`204`	`204`	`xmlTextWriterPtr ptr;`
`205`	`205`	`char *name;`
`@@ -212,8 +212,8 @@ static void php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAMETERS, xmlwriter_rea`
`212`	`212`	`}`
`213`	`213`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`214`	`214`
`215`		`- if (err_string != NULL) {`
`216`		`- XMLW_NAME_CHK(err_string);`
	`215`	`+ if (subject_name != NULL) {`
	`216`	`+ XMLW_NAME_CHK(2, subject_name);`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`if (ptr) {`
`@@ -281,7 +281,7 @@ PHP_FUNCTION(xmlwriter_set_indent_string)`
`281`	`281`	`/* {{{ Create start attribute - returns FALSE on error */`
`282`	`282`	`PHP_FUNCTION(xmlwriter_start_attribute)`
`283`	`283`	`{`
`284`		`- php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartAttribute, "Invalid Attribute Name");`
	`284`	`+ php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartAttribute, "attribute name");`
`285`	`285`	`}`
`286`	`286`	`/* }}} */`
`287`	`287`
`@@ -307,7 +307,7 @@ PHP_FUNCTION(xmlwriter_start_attribute_ns)`
`307`	`307`	`}`
`308`	`308`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`309`	`309`
`310`		`- XMLW_NAME_CHK("Invalid Attribute Name");`
	`310`	`+ XMLW_NAME_CHK(3, "attribute name");`
`311`	`311`
`312`	`312`	`if (ptr) {`
`313`	`313`	`retval = xmlTextWriterStartAttributeNS(ptr, (xmlChar )prefix, (xmlChar )name, (xmlChar *)uri);`
`@@ -335,7 +335,7 @@ PHP_FUNCTION(xmlwriter_write_attribute)`
`335`	`335`	`}`
`336`	`336`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`337`	`337`
`338`		`- XMLW_NAME_CHK("Invalid Attribute Name");`
	`338`	`+ XMLW_NAME_CHK(2, "attribute name");`
`339`	`339`
`340`	`340`	`if (ptr) {`
`341`	`341`	`retval = xmlTextWriterWriteAttribute(ptr, (xmlChar )name, (xmlChar )content);`
`@@ -363,7 +363,7 @@ PHP_FUNCTION(xmlwriter_write_attribute_ns)`
`363`	`363`	`}`
`364`	`364`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`365`	`365`
`366`		`- XMLW_NAME_CHK("Invalid Attribute Name");`
	`366`	`+ XMLW_NAME_CHK(3, "attribute name");`
`367`	`367`
`368`	`368`	`if (ptr) {`
`369`	`369`	`retval = xmlTextWriterWriteAttributeNS(ptr, (xmlChar )prefix, (xmlChar )name, (xmlChar )uri, (xmlChar )content);`
`@@ -379,7 +379,7 @@ PHP_FUNCTION(xmlwriter_write_attribute_ns)`
`379`	`379`	`/* {{{ Create start element tag - returns FALSE on error */`
`380`	`380`	`PHP_FUNCTION(xmlwriter_start_element)`
`381`	`381`	`{`
`382`		`- php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartElement, "Invalid Element Name");`
	`382`	`+ php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartElement, "element name");`
`383`	`383`	`}`
`384`	`384`	`/* }}} */`
`385`	`385`
`@@ -398,7 +398,7 @@ PHP_FUNCTION(xmlwriter_start_element_ns)`
`398`	`398`	`}`
`399`	`399`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`400`	`400`
`401`		`- XMLW_NAME_CHK("Invalid Element Name");`
	`401`	`+ XMLW_NAME_CHK(3, "element name");`
`402`	`402`
`403`	`403`	`if (ptr) {`
`404`	`404`	`retval = xmlTextWriterStartElementNS(ptr, (xmlChar )prefix, (xmlChar )name, (xmlChar *)uri);`
`@@ -441,7 +441,7 @@ PHP_FUNCTION(xmlwriter_write_element)`
`441`	`441`	`}`
`442`	`442`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`443`	`443`
`444`		`- XMLW_NAME_CHK("Invalid Element Name");`
	`444`	`+ XMLW_NAME_CHK(2, "element name");`
`445`	`445`
`446`	`446`	`if (ptr) {`
`447`	`447`	`if (!content) {`
`@@ -480,7 +480,7 @@ PHP_FUNCTION(xmlwriter_write_element_ns)`
`480`	`480`	`}`
`481`	`481`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`482`	`482`
`483`		`- XMLW_NAME_CHK("Invalid Element Name");`
	`483`	`+ XMLW_NAME_CHK(3, "element name");`
`484`	`484`
`485`	`485`	`if (ptr) {`
`486`	`486`	`if (!content) {`
`@@ -507,7 +507,7 @@ PHP_FUNCTION(xmlwriter_write_element_ns)`
`507`	`507`	`/* {{{ Create start PI tag - returns FALSE on error */`
`508`	`508`	`PHP_FUNCTION(xmlwriter_start_pi)`
`509`	`509`	`{`
`510`		`- php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartPI, "Invalid PI Target");`
	`510`	`+ php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartPI, "PI target");`
`511`	`511`	`}`
`512`	`512`	`/* }}} */`
`513`	`513`
`@@ -533,7 +533,7 @@ PHP_FUNCTION(xmlwriter_write_pi)`
`533`	`533`	`}`
`534`	`534`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`535`	`535`
`536`		`- XMLW_NAME_CHK("Invalid PI Target");`
	`536`	`+ XMLW_NAME_CHK(2, "PI target");`
`537`	`537`
`538`	`538`	`if (ptr) {`
`539`	`539`	`retval = xmlTextWriterWritePI(ptr, (xmlChar )name, (xmlChar )content);`
`@@ -726,7 +726,7 @@ PHP_FUNCTION(xmlwriter_write_dtd)`
`726`	`726`	`/* {{{ Create start DTD element - returns FALSE on error */`
`727`	`727`	`PHP_FUNCTION(xmlwriter_start_dtd_element)`
`728`	`728`	`{`
`729`		`- php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartDTDElement, "Invalid Element Name");`
	`729`	`+ php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartDTDElement, "element name");`
`730`	`730`	`}`
`731`	`731`	`/* }}} */`
`732`	`732`
`@@ -752,7 +752,7 @@ PHP_FUNCTION(xmlwriter_write_dtd_element)`
`752`	`752`	`}`
`753`	`753`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`754`	`754`
`755`		`- XMLW_NAME_CHK("Invalid Element Name");`
	`755`	`+ XMLW_NAME_CHK(2, "element name");`
`756`	`756`
`757`	`757`	`if (ptr) {`
`758`	`758`	`retval = xmlTextWriterWriteDTDElement(ptr, (xmlChar )name, (xmlChar )content);`
`@@ -768,7 +768,7 @@ PHP_FUNCTION(xmlwriter_write_dtd_element)`
`768`	`768`	`/* {{{ Create start DTD AttList - returns FALSE on error */`
`769`	`769`	`PHP_FUNCTION(xmlwriter_start_dtd_attlist)`
`770`	`770`	`{`
`771`		`- php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartDTDAttlist, "Invalid Element Name");`
	`771`	`+ php_xmlwriter_string_arg(INTERNAL_FUNCTION_PARAM_PASSTHRU, xmlTextWriterStartDTDAttlist, "element name");`
`772`	`772`	`}`
`773`	`773`	`/* }}} */`
`774`	`774`
`@@ -794,7 +794,7 @@ PHP_FUNCTION(xmlwriter_write_dtd_attlist)`
`794`	`794`	`}`
`795`	`795`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`796`	`796`
`797`		`- XMLW_NAME_CHK("Invalid Element Name");`
	`797`	`+ XMLW_NAME_CHK(2, "element name");`
`798`	`798`
`799`	`799`	`if (ptr) {`
`800`	`800`	`retval = xmlTextWriterWriteDTDAttlist(ptr, (xmlChar )name, (xmlChar )content);`
`@@ -822,7 +822,7 @@ PHP_FUNCTION(xmlwriter_start_dtd_entity)`
`822`	`822`	`}`
`823`	`823`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`824`	`824`
`825`		`- XMLW_NAME_CHK("Invalid Attribute Name");`
	`825`	`+ XMLW_NAME_CHK(2, "attribute name");`
`826`	`826`
`827`	`827`	`if (ptr) {`
`828`	`828`	`retval = xmlTextWriterStartDTDEntity(ptr, isparm, (xmlChar *)name);`
`@@ -862,7 +862,7 @@ PHP_FUNCTION(xmlwriter_write_dtd_entity)`
`862`	`862`	`}`
`863`	`863`	`XMLWRITER_FROM_OBJECT(ptr, self);`
`864`	`864`
`865`		`- XMLW_NAME_CHK("Invalid Element Name");`
	`865`	`+ XMLW_NAME_CHK(2, "element name");`
`866`	`866`
`867`	`867`	`if (ptr) {`
`868`	`868`	`retval = xmlTextWriterWriteDTDEntity(ptr, pe, (xmlChar )name, (xmlChar )pubid, (xmlChar )sysid, (xmlChar )ndataid, (xmlChar *)content);`