#50 Type guessing for <int>...</int> in XMLRPC is incorrect

0.60
closed-fixed
Misc/Other (17)
5
2007-10-02
2004-10-06
Anonymous
No

You guess whether something is an integer by the
following test (lib/XMLRPC/Lite.pm line 56):

sub {$_[0] =~ /^[+-]?\d+$/}

The spec defines an integer as, "a 32-bit signed
number. You can include a plus or minus at the
beginning of a string of numeric characters. Leading
zeros are collapsed. Whitespace is not permitted. Just
numeric characters preceeded by a plus or minus."

The regex above will catch numbers which cannot be
expressed in 32 bits; it will also catch numbers which
can't be represented without loss of information as
integers. For instance, if I have a phone number like
"0012125551234", then it will get turned into
"<int>0012125551234</int>", and when parsed on the
receiving end, is likely to wind up without its leading
zeroes.

The solution is to use

sub {int($_[0]) eq $_[0] and $_[0] >= -2147483647 and
$_[0] <= 2147483647}

as the test.

Patch here:

--- Lite.pm.orig Wed Oct 6 20:04:39 2004
+++ Lite.pm Wed Oct 6 20:05:18 2004
@@ -53,7 +53,7 @@
$self = $class->SUPER::new(
typelookup => {
base64 => [10, sub {$_[0] =~
/[^\x09\x0a\x0d\x20-\x7f]/}, 'as_base64'],
- int => [20, sub {$_[0] =~ /^[+-]?\d+$/},
'as_int'],
+ int => [20, sub {int($_[0]) eq $_[0] and
$_[0] >= -2147483647 and $_[0] <= 2147483647}, 'as_int'],
double => [30, sub {$_[0] =~
/^(-?(?:\d+(?:\.\d*)?|\.\d+)|([+-]?)(?=\d|\.\d)\d*(\.\d*)?([Ee]([+-]?\d+))?)$/},
'as_double'],
dateTime => [35, sub {$_[0] =~
/^\d{8}T\d\d:\d\d:\d\d$/}, 'as_dateTime'],
string => [40, sub {1}, 'as_string'],

-- Chris Lightfoot <chris@ex-parrot.com>

Discussion

  • Byrne Reese

    Byrne Reese - 2004-10-06

    Logged In: YES
    user_id=28043

    This has been fixed, and will be released in SOAP::Lite
    0.65. Thank you for the patch.

     
  • Byrne Reese

    Byrne Reese - 2004-10-06
    • labels: --> Misc/Other
    • milestone: --> 0.60
    • assigned_to: nobody --> byrnereese
    • status: open --> open-fixed
     
  • Nobody/Anonymous

    Logged In: NO

    oh -- one thing. that patch produces warnings about calling
    int() on a non-integer. so it should test against /^-?\d+$/
    before doing the int($_) eq $_ check.

    -- Chris Lightfoot <chris@ex-parrot.com>

     
  • Martin Kutter

    Martin Kutter - 2007-10-02

    Logged In: YES
    user_id=884175
    Originator: NO

    Closed as byrne already fixed this.

     
  • Martin Kutter

    Martin Kutter - 2007-10-02
    • assigned_to: byrnereese --> kutterma
    • status: open-fixed --> closed-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks