views:

2072

answers:

4

I have an application I am writing in PHP5, using the CodeIgniter framework. I have it running on both Windows (using Xampp) and Ubuntu (using standard Apache, PHP, MySQL stack).

I have a form, that takes XML, parses it (using simpleXML) and posts the results into a database.

On Windows - no problem, works as intended.

On Linux - big problem. It errors out.

I have double checked the XML, and it's fine.

I removed a large amount of the XML, and it seems that it is OK.

I think it's related to the size of the XML string being posted from the form, but am not sure. Again, on Windows it's OK - on Linux, it errors out.

The size of the data posted in the form is ~160k (yeah, that's a lot of text, but it's automated - AND it's gonna eventually be about 200k).

The error is below.

Any help much appreciated.

Fatal error: Uncaught exception 'Exception' with message 'String could not be parsed as XML' in /var/www/ci/system/application/controllers/system.php:49 Stack trace: #0 /var/www/ci/system/application/controllers/system.php(49): SimpleXMLElement->__construct('') #1 [internal function]: System->add_system() #2 /var/www/ci/system/codeigniter/CodeIgniter.php(233): call_user_func_array(Array, Array) #3 /var/www/ci/index.php(115): require_once('/var/www/ci/sys...') #4 {main} thrown in /var/www/ci/system/application/controllers/system.php on line 49

Line 49 looks like this:

$xml = new SimpleXMLElement($this->input->post('form_systemXML'));

EDIT - FIXED

Found the issue. Suhosin is installed on Ubuntu. in the file /etc/php5/apache2/conf.d/suhosin.ini, I enabled the line suhosin.post.max_value_length = 65000 and changed the value to 195000. Restarted Apache, and all good. Thanks for the pointers guys.

A: 

You may already have tried this approach but did you check the line endings? \r\n (DOS) as opposed to \n (UNIX)? It might be that the regular expressions that simpleXML uses might be confused by them on different platforms...

SimpleXML does not care about the line endings used.$a1="<root>\n<tag1>\r\n<tag2>\r</tag2></tag1></root>";
Stefan Gehrig
$x=new SimpleXmlElement($a1);print_r($x);SimpleXMLElement Object( [tag1] => SimpleXMLElement Object ( [tag2] => SimpleXMLElement Object ( [0] => ) ))
Stefan Gehrig
Nice try. The XML string _is_ generated in Windows, so I replaced all the line endings (unix2dos -u -o filename) in Ubuntu. Made no difference.
Mark Unwin
+1  A: 

Please check your PHP configuration on the Linux box and compare it to your Windows settings. Especially the following settings:

  • memory_limit
  • post_max_size
  • magic_quotes_gpc
  • max_input_time

Perhaps you can do a dump of the data posted to the script

print_r($_POST);

to see what data is really coming into the server.

Stefan Gehrig
memory_limit: linux 16m, Windows 32mpost_max_size: linux 8m, Windows 16mShall change linux settings and see what happens.
Mark Unwin
Damn - updated and restarted Apache (and double checked with phpinfo() ) - no change. Same error.
Mark Unwin
Tried adding print_r($_POST), but all that came back was Array ( [submit] => Submit ) Along with the existing error message. There should be a variable for "form_systemXML". Not sure... maybe apache config ?
Mark Unwin
I cut down the XML input from 2870 lines to 990. Worked fine. Am sure it's related to size...
Mark Unwin
A: 

Update - found this in syslog

Nov 4 21:53:32 ubu804 suhosin[7944]: ALERT - configured request variable value length limit exceeded - dropped variable 'form_systemXML' (attacker '127.0.0.1', file '/var/www/ci/index.php')

Am looking at the apache config, now.

Mark Unwin
+2  A: 

It seems like you're running the Suhosin PHP extension. Please have a look at the configuration documentation at: http://www.hardened-php.net/suhosin/configuration.html.

The relevant option seems to be (I've never used the Suhosin extension): suhosin.post.max_value_length and/or suhosin.request.max_value_length

Stefan Gehrig
Thanks man - found it and all good.
Mark Unwin
Voting and accepting would be nice as it points users with similar problems to the correct answer ;-)
Stefan Gehrig
Would do - if I had the reputation so I could...
Mark Unwin
You should be able to accept answers by clicking the check mark on the left. I don't think accepting an answer is reputation constrained.
Stefan Gehrig