dependency-injection - Spaces in system temp folder path cause deprecation errors in php 8 about libxml_disable_entity_loader #46799

demeritcowboy · 2022-06-29T03:01:43Z

Symfony version(s) affected

4.4+

Description

In https://github.com/symfony/dependency-injection/blob/ffaa7b47a728b8a644ced7dce6e3f7b89b1c06bb/Loader/XmlFileLoader.php#L686, it creates a file:// url that isn't url-encoded. This causes shouldEnableEntityLoader() to return true in php 8 instead of false when e.g. the temp folder path contains spaces.

How to reproduce

If you have a local windows dev setup, the temp folder path might be something like C:\Users\Your Name\AppData\Local\Temp. If you don't have that or control over the system temp folder path, then you can temporarily edit https://github.com/symfony/dependency-injection/blob/ffaa7b47a728b8a644ced7dce6e3f7b89b1c06bb/Loader/XmlFileLoader.php#L680 to set $tmpfile to a path that you know exists and has spaces.

Make a little file x.xml like this:

<container xmlns="http://symfony.com/schema/dic/services"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
  <services>
  </services>
</container>

Make a little php file like this:

<?php
require_once 'vendor/autoload.php';
$containerBuilder = new \Symfony\Component\DependencyInjection\ContainerBuilder();
$loader = new \Symfony\Component\DependencyInjection\Loader\XmlFileLoader($containerBuilder, new \Symfony\Component\Config\FileLocator(__DIR__));
$loader->load('x.xml');

Using php8, run your php file.
PHP Deprecated: Function libxml_disable_entity_loader() is deprecated in ...\vendor\symfony\dependency-injection\Loader\XmlFileLoader.php

Possible Solution

Patch to https://github.com/symfony/dependency-injection/blob/ffaa7b47a728b8a644ced7dce6e3f7b89b1c06bb/Loader/XmlFileLoader.php#L686:

-<xsd:include schemaLocation="file:///'.str_replace('\\', '/', $tmpfile).'" />';
+<xsd:include schemaLocation="file:///'.rawurlencode(str_replace('\\', '/', $tmpfile)).'" />';

Additional Context

I admit I haven't run it against 6.x. Where this came up in real life was in a 3rd party web app that uses version 4.4 of symfony/dependency-injection, but the code is the same as 6.x.

The text was updated successfully, but these errors were encountered:

demeritcowboy · 2022-06-29T03:22:45Z

Added PR at #46800

… in php 8 (demeritcowboy) This PR was merged into the 4.4 branch. Discussion ---------- Spaces in system temp folder path cause deprecation errors in php 8 | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #46799 | License | MIT | Doc PR | See #46799 Commits ------- 2ac82ac Spaces in system temp folder path cause deprecation errors in php 8

demeritcowboy added the Bug label Jun 29, 2022

carsonbot added the Status: Needs Review label Jun 29, 2022

demeritcowboy mentioned this issue Jun 29, 2022

[DependencyInjection] Spaces in system temp folder path cause deprecation errors in php 8 #46800

Merged

nicolas-grekas closed this as completed Jun 29, 2022

xabbuh added the DependencyInjection label Jul 4, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

dependency-injection - Spaces in system temp folder path cause deprecation errors in php 8 about libxml_disable_entity_loader #46799

dependency-injection - Spaces in system temp folder path cause deprecation errors in php 8 about libxml_disable_entity_loader #46799

Uh oh!

Uh oh!

dependency-injection - Spaces in system temp folder path cause deprecation errors in php 8 about libxml_disable_entity_loader #46799

dependency-injection - Spaces in system temp folder path cause deprecation errors in php 8 about libxml_disable_entity_loader #46799

Comments

Uh oh!

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Uh oh!