From b957d1c4a6864cfe6c23c3741dcc26b0bff6718b Mon Sep 17 00:00:00 2001 From: Rob Bast Date: Wed, 3 Jun 2015 09:52:36 +0200 Subject: [PATCH 1/2] load xml as string from local file, fixes #3942 If the entity loader is disabled on a system, loading files, even from the local file system, is considered as external to the running php process, and thus not allowed by the libxml extension. Reading the file contents and loading the xml as a string is a valid alternative however. --- src/Composer/Downloader/PearPackageExtractor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Composer/Downloader/PearPackageExtractor.php b/src/Composer/Downloader/PearPackageExtractor.php index ff0c90a9f..1106d927f 100644 --- a/src/Composer/Downloader/PearPackageExtractor.php +++ b/src/Composer/Downloader/PearPackageExtractor.php @@ -137,7 +137,7 @@ class PearPackageExtractor private function buildCopyActions($source, array $roles, $vars) { /** @var $package \SimpleXmlElement */ - $package = simplexml_load_file($this->combine($source, 'package.xml')); + $package = simplexml_load_string(file_get_contents($this->combine($source, 'package.xml'))); if (false === $package) { throw new \RuntimeException('Package definition file is not valid.'); } From d59115d7fa62b44cc980b2f030d7a0afc74f3ea9 Mon Sep 17 00:00:00 2001 From: Rob Bast Date: Wed, 3 Jun 2015 10:17:09 +0200 Subject: [PATCH 2/2] make unit tests assume a disabled entity loader --- .../Test/Downloader/PearPackageExtractorTest.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/Composer/Test/Downloader/PearPackageExtractorTest.php b/tests/Composer/Test/Downloader/PearPackageExtractorTest.php index c053976d7..5429d109d 100644 --- a/tests/Composer/Test/Downloader/PearPackageExtractorTest.php +++ b/tests/Composer/Test/Downloader/PearPackageExtractorTest.php @@ -18,12 +18,16 @@ class PearPackageExtractorTest extends \PHPUnit_Framework_TestCase { public function testShouldExtractPackage_1_0() { + $state = libxml_disable_entity_loader(true); + $extractor = $this->getMockForAbstractClass('Composer\Downloader\PearPackageExtractor', array(), '', false); $method = new \ReflectionMethod($extractor, 'buildCopyActions'); $method->setAccessible(true); $fileActions = $method->invoke($extractor, __DIR__ . '/Fixtures/Package_v1.0', array('php' => '/'), array()); + libxml_disable_entity_loader($state); + $expectedFileActions = array( 'Gtk.php' => array( 'from' => 'PEAR_Frontend_Gtk-0.4.0/Gtk.php', @@ -49,12 +53,16 @@ class PearPackageExtractorTest extends \PHPUnit_Framework_TestCase public function testShouldExtractPackage_2_0() { + $state = libxml_disable_entity_loader(true); + $extractor = $this->getMockForAbstractClass('Composer\Downloader\PearPackageExtractor', array(), '', false); $method = new \ReflectionMethod($extractor, 'buildCopyActions'); $method->setAccessible(true); $fileActions = $method->invoke($extractor, __DIR__ . '/Fixtures/Package_v2.0', array('php' => '/'), array()); + libxml_disable_entity_loader($state); + $expectedFileActions = array( 'URL.php' => array( 'from' => 'Net_URL-1.0.15/URL.php', @@ -68,12 +76,16 @@ class PearPackageExtractorTest extends \PHPUnit_Framework_TestCase public function testShouldExtractPackage_2_1() { + $state = libxml_disable_entity_loader(true); + $extractor = $this->getMockForAbstractClass('Composer\Downloader\PearPackageExtractor', array(), '', false); $method = new \ReflectionMethod($extractor, 'buildCopyActions'); $method->setAccessible(true); $fileActions = $method->invoke($extractor, __DIR__ . '/Fixtures/Package_v2.1', array('php' => '/', 'script' => '/bin'), array()); + libxml_disable_entity_loader($state); + $expectedFileActions = array( 'php/Zend/Authentication/Storage/StorageInterface.php' => array( 'from' => 'Zend_Authentication-2.0.0beta4/php/Zend/Authentication/Storage/StorageInterface.php',