search

php / php-src

The PHP Interpreter
https://www.php.net
Other
38.18k stars 7.75k forks source link

SimpleXML element comparison is broken #12171

Open nielsdos opened 1 year ago

nielsdos commented 1 year ago

Description

The following code:

<?php

$xml = "<root><first/><second/><third/></root>";
$xml = simplexml_load_string($xml);
var_dump($xml->first == $xml->second);

Resulted in this output:

bool(true)

But I expected this output instead:

bool(false)

It's because the wrong node is fetched, i.e. it doesn't take into account the iterating nature of the simple xml objects. PoC fix patch (needs more testing and thinking): https://gist.github.com/nielsdos/f8e232836d72e68c5d3418116ddad877

PHP Version

PHP 5.0.0-master

Operating System

Linux

nielsdos commented 1 year ago

(EDIT: this was originally a reply to someone, but original message was deleted) That's incorrect. SimpleXMLElement overrides the comparison operator. It has a bug in its implementation. Identity operator has nothing to do with this. In fact, it's not reliable because the objects are created on-demand: e.g. var_dump($xml->first === $xml->first); return false.

Also, this also returns true: var_dump($xml->first == $xml);. And these tests output false but they should output true: https://3v4l.org/UhNcl