#516916 xsltproc: External entity problems for directory names containing spaces

Package:
libxml2
Source:
libxml2
Description:
GNOME XML library
Submitter:
Julien LANGLOIS
Date:
2024-01-04 17:39:14 UTC
Severity:
important
Tags:
#516916#5
Date:
2009-02-24 13:26:45 UTC
From:
To:
Using that files in the same directory:

book.xml <<END_BOOK
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "/usr/share/xml/docbook/schema/dtd/4.5/docbookx.dtd" [
  <!ENTITY preface SYSTEM "preface.xml">
]>

<book>
  &preface;
</book>
END_BOOK


preface.xml<<END_PREFACE
?xml version="1.0" encoding="utf-8" ?>

<preface>
  <title>About this document</title>
</preface>
END_PREFACE


When the directory name contain space, the following command return an error but it's working well when the directory name doesn't contain spaces.

$ dblatex -T db2latex book.xml
Build the listings...
warning: failed to load external entity "preface.xml"
/home/julien/foo bar/book.xml:7: parser error : Failure to process entity preface
  &preface;
           ^
/home/julien/foo bar/book.xml:7: parser error : Entity 'preface' not defined
  &preface;
           ^
unable to parse /home/julien/foo bar/book.xml

#516916#8
Date:
2009-02-25 20:10:25 UTC
From:
To:
As observed by Benoît Guillon, dblatex's upstream author (thanks!),
trying to convert your DocBook documents to HTML using the standard
DocBook stylesheets fails with the same *xsltproc* error messages:
$ pwd
/home/ah/dblatex/work/bug 516916
$ cd /tmp && xsltproc /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl '/home/ah/dblatex/work/bug 516916/book.xml'
warning: failed to load external entity "preface.xml"
/home/ah/dblatex/work/bug 516916/book.xml:7: parser error : Failure to process entity preface
  &preface;
           ^
/home/ah/dblatex/work/bug 516916/book.xml:7: parser error : Entity 'preface' not defined
  &preface;
           ^
unable to parse /home/ah/dblatex/work/bug 516916/book.xml
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Thus this is actually an xsltproc problem.  As dblatex calls xsltproc
internally (from a temporary work directory), it it doomed to fail, too.

Benoît mentions the workaround of using xinclude instead of external
entities for file inclusion, e.g.:

<xi:include href="preface.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>

I will reassign this report to package xsltproc for a fix.

Regards, Andreas

#516916#19
Date:
2009-02-26 07:37:47 UTC
From:
To:
reassign 516916 libxml2
thanks

$ xmllint --noent /tmp/foo\ bar/book.xml
warning: failed to load external entity "preface.xml"
/tmp/foo bar/book.xml:7: parser error : Failure to process entity preface
  &preface;
           ^
/tmp/foo bar/book.xml:7: parser error : Entity 'preface' not defined
  &preface;


Mike

PS for the original bug reporter: you shouln't use the local path for
the docbook dtd in your document:
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"/usr/share/xml/docbook/schema/dtd/4.5/docbookx.dtd" [

but the full url instead:
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

The url will be transformed into the local path using the xml catalog.

#516916#22
Date:
2009-02-26 07:37:47 UTC
From:
To:
reassign 516916 libxml2
thanks

$ xmllint --noent /tmp/foo\ bar/book.xml
warning: failed to load external entity "preface.xml"
/tmp/foo bar/book.xml:7: parser error : Failure to process entity preface
  &preface;
           ^
/tmp/foo bar/book.xml:7: parser error : Entity 'preface' not defined
  &preface;


Mike

PS for the original bug reporter: you shouln't use the local path for
the docbook dtd in your document:
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"/usr/share/xml/docbook/schema/dtd/4.5/docbookx.dtd" [

but the full url instead:
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

The url will be transformed into the local path using the xml catalog.

#516916#27
Date:
2009-03-01 11:58:30 UTC
From:
To:
This has to do with apparently the CLI commands (xmllint and xsltproc)
not converting path names to proper URIs. If you replace spaces with
%20 in the file names on the command line, it works as expected.

I'll see with upstream how this should be treated.

Mike

#516916#30
Date:
2009-03-01 11:58:30 UTC
From:
To:
This has to do with apparently the CLI commands (xmllint and xsltproc)
not converting path names to proper URIs. If you replace spaces with
%20 in the file names on the command line, it works as expected.

I'll see with upstream how this should be treated.

Mike

#516916#45
Date:
2017-06-18 01:53:51 UTC
From:
To:
Control: tags -1 security
Control: severity -1 important

Actually it's much uglier than that. There seems some internal breakage
so that in fact, xmllint tries to read the wrong file, as I've noted in
the upstream bug: from the current directory instead of the expected
directory. This implies possible user information leakage.

#516916#52
Date:
2017-06-18 01:53:51 UTC
From:
To:
Control: tags -1 security
Control: severity -1 important

Actually it's much uglier than that. There seems some internal breakage
so that in fact, xmllint tries to read the wrong file, as I've noted in
the upstream bug: from the current directory instead of the expected
directory. This implies possible user information leakage.