The line

$xmlrpc_message->message = preg_replace('/<\?xml(.*)?\?'.'>/', '', $xmlrpc_message->message);

in xmlrpc_message_parse() is not save for big XML-PRC responses (>100.000 chars). preg_replace() has an implicit limit (see http://de3.php.net/preg_replace#84285) and returns NULL for the big XML-RPC responses.

I propose to use a less elegant, but working(!) version:

$pos1 = strpos($xmlrpc_message->message, '<?xml');
if ($pos1 !== FALSE) {
$pos2 = strpos($xmlrpc_message->message, '?>', $pos1);
if ($pos1 !== FALSE) {
$xmlrpc_message->message = substr($xmlrpc_message->message, $pos2+2);
}
}

Since the issue makes xmlrpc() not working for all kind of responses, I mark this issue as critical.

Comments

mikey_p’s picture

mikey_p commented
Title: xmlrpc_message_parse() in xmlrpc.ini is not save for big XML-RPC responses » xmlrpc_message_parse() in xmlrpc.inc is not safe for big XML-RPC responses
bjcool’s picture

bjcool commented

What is the status of this bug? Currently the xmlrpc client is not useable for some/many responses. Does some care?

bjcool’s picture

bjcool commented
Version: 6.13 » 7.x-dev
Component: other » xml-rpc system

Switching to 7.x-dev since this issue is also present in 7.x-dev.

robbertnl’s picture

robbertnl commented

Subscribing. Also getting 'Parse error. Request not well formed' when saving big(>98k) body fields via XMLRPC (Using Drupal 6.14 and Services module).
Workaround by bjcool works for me. So i hope this bug will be fixed for 6.x as well.

bjcool’s picture

bjcool commented

As workaround you can configure greater limits for pcre:

ini_set('pcre.backtrack_limit', 1000000);
ini_set('pcre.recursion_limit', 1000000);
damien tournoud’s picture

damien tournoud commented
Status: Active » Closed (duplicate)

This is a duplicate of #265973: XML-RPC chokes with long server response.