php · nielsdos · Feb 25, 2024 · Feb 25, 2024 · Girgias · Feb 26, 2024
@@ -0,0 +1,54 @@
+--TEST--
+DOMNamedNodeMap string references
+--EXTENSIONS--
+dom
+--FILE--
+<?php
+
+$dom = new DOMDocument;
+$dom->loadXML('<a href="hi" foo="bar"/>');
+
+$attributes = $dom->documentElement->attributes;
+
+var_dump(isset($attributes['href']), $attributes['href']->value);
+
+var_dump(isset($attributes['foo']), $attributes['foo']->value);
+
+$str = 'href';
+$ref =& $str;
+var_dump(isset($attributes[$ref]), $attributes[$ref]->value);
+
+$str = 'foo';
+$ref =& $str;
+var_dump(isset($attributes[$ref]), $attributes[$ref]->value);
+
+$str = 'this does not exist';
+$ref =& $str;
+var_dump(isset($attributes[$ref]), $attributes[$ref]->value);
+
+$str = '0';
+$ref =& $str;
+var_dump(isset($attributes[$ref]), $attributes[$ref]->value);
+
+$str = '1';
+$ref =& $str;
+var_dump(isset($attributes[$ref]), $attributes[$ref]->value);
+
+?>
+--EXPECTF--
+bool(true)
+string(2) "hi"
+bool(true)
+string(3) "bar"
+bool(true)
+string(2) "hi"
+bool(true)
+string(3) "bar"
+
+Warning: Attempt to read property "value" on null in %s on line %d
+bool(false)
+NULL
+bool(true)
+string(2) "hi"
+bool(true)
+string(3) "bar"
@@ -1643,6 +1643,8 @@ static zval *dom_nodelist_read_dimension(zend_object *object, zval *offset, int
 		return NULL;
 	}
 
+	ZVAL_DEREF(offset);
+
 	zend_long lval;
 	if (dom_nodemap_or_nodelist_process_offset_as_named(offset, &lval)) {
 		/* does not support named lookup */
@@ -1656,6 +1658,8 @@ static zval *dom_nodelist_read_dimension(zend_object *object, zval *offset, int
 
 static int dom_nodelist_has_dimension(zend_object *object, zval *member, int check_empty)
 {
+	ZVAL_DEREF(member);
+
 	zend_long offset;
 	if (dom_nodemap_or_nodelist_process_offset_as_named(member, &offset)) {
 		/* does not support named lookup */
@@ -1672,6 +1676,8 @@ static zval *dom_nodemap_read_dimension(zend_object *object, zval *offset, int t
 		return NULL;
 	}
 
+	ZVAL_DEREF(offset);
+
 	zend_long lval;
 	if (dom_nodemap_or_nodelist_process_offset_as_named(offset, &lval)) {
 		/* exceptional case, switch to named lookup */
@@ -1691,6 +1697,8 @@ static zval *dom_nodemap_read_dimension(zend_object *object, zval *offset, int t
 
 static int dom_nodemap_has_dimension(zend_object *object, zval *member, int check_empty)
 {
+	ZVAL_DEREF(member);
+
 	zend_long offset;
 	if (dom_nodemap_or_nodelist_process_offset_as_named(member, &offset)) {
 		/* exceptional case, switch to named lookup */

@@ -5,6 +5,8 @@ dom
 --FILE--
 <?php
 
+// Note: non-numeric string accesses fail on NodeLists (as per spec).
+
 $html = <<<HTML
 <div>data</div>
 <a href="test">hello world</a>
@@ -14,57 +16,56 @@ $doc->loadHTML($html);
 
 $nodes = $doc->getElementsByTagName('div');
 
-echo "testing has_dimension\n";
+echo "--- testing has_dimension ---\n";
 var_dump(isset($nodes[0]));
 var_dump(isset($nodes[1]));
 var_dump(isset($nodes[-1]));
 
-echo "testing property access\n";
+echo "--- testing property access ---\n";
 var_dump($nodes[0]->textContent);
 var_dump($nodes[1]->textContent);
 
-echo "testing offset not a long\n";
+echo "--- testing offset not a long: array ---\n";
 $offset = ['test'];
 var_dump($offset);
 var_dump(isset($nodes[$offset]), $nodes[$offset]->textContent);
-var_dump($offset);
 
-$something = 'test';
+echo "--- testing offset not a long: Reference to string ---\n";
+$something = 'href';
 $offset = &$something;
 
 var_dump($offset);
 var_dump(isset($nodes[$offset]), $nodes[$offset]->textContent);
-var_dump($offset);
 
+echo "--- testing offset not a long: string ---\n";
 $offset = 'test';
 var_dump($offset);
 var_dump(isset($nodes[$offset]), $nodes[$offset]->textContent);
-var_dump($offset);
 
-echo "testing read_dimension with null offset\n";
+echo "--- testing read_dimension with null offset ---\n";
 try {
     var_dump($nodes[][] = 1);
 } catch (Error $e) {
     echo $e->getMessage(), "\n";
 }
 
-echo "testing attribute access\n";
+echo "--- testing attribute access ---\n";
 $anchor = $doc->getElementsByTagName('a')[0];
 var_dump($anchor->attributes[0]->name);
 
 echo "==DONE==\n";
 ?>
 --EXPECTF--
-testing has_dimension
+--- testing has_dimension ---
 bool(true)
 bool(false)
 bool(false)
-testing property access
+--- testing property access ---
 string(4) "data"
 
 Warning: Attempt to read property "textContent" on null in %s on line %d
 NULL
-testing offset not a long
+--- testing offset not a long: array ---
 array(1) {
   [0]=>
   string(4) "test"
@@ -73,20 +74,20 @@ array(1) {
 Warning: Attempt to read property "textContent" on null in %s on line %d
 bool(false)
 NULL
-array(1) {
-  [0]=>
-  string(4) "test"
-}
-string(4) "test"
-bool(true)
-string(4) "data"
-string(4) "test"
-string(4) "test"
-bool(true)
-string(4) "data"
+--- testing offset not a long: Reference to string ---
+string(4) "href"
+
+Warning: Attempt to read property "textContent" on null in %s on line %d
+bool(false)
+NULL
+--- testing offset not a long: string ---
 string(4) "test"
-testing read_dimension with null offset
+
+Warning: Attempt to read property "textContent" on null in %s on line %d
+bool(false)
+NULL
+--- testing read_dimension with null offset ---
 Cannot access DOMNodeList without offset
-testing attribute access
+--- testing attribute access ---
 string(4) "href"
 ==DONE==