rexml 3.2.0 → 3.2.5

data/lib/rexml/entity.rb

@@ -90,7 +90,7 @@ module REXML
     # object itself is valid.)
     #
     # out::
-    #   An object implementing <TT>&lt;&lt;<TT> to which the entity will be
+    #   An object implementing <TT>&lt;&lt;</TT> to which the entity will be
     #   output
     # indent::
     #   *DEPRECATED* and ignored

data/lib/rexml/functions.rb

@@ -66,11 +66,11 @@ module REXML
     def Functions::id( object )
     end
 
-    # UNTESTED
-    def Functions::local_name( node_set=nil )
-      get_namespace( node_set ) do |node|
+    def Functions::local_name(node_set=nil)
+      get_namespace(node_set) do |node|
         return node.local_name
       end
+      ""
     end
 
     def Functions::namespace_uri( node_set=nil )
@@ -135,8 +135,7 @@ module REXML
     #
     # An object of a type other than the four basic types is converted to a
     # string in a way that is dependent on that type.
-    def Functions::string( object=nil )
-      object = @@context[:node] if object.nil?
+    def Functions::string( object=@@context[:node] )
       if object.respond_to?(:node_type)
         case object.node_type
         when :attribute
@@ -165,8 +164,6 @@ module REXML
               object.to_s
             end
           end
-        when nil
-          ""
         else
           object.to_s
         end
@@ -318,18 +315,23 @@ module REXML
       end
     end
 
-    # UNTESTED
-    def Functions::boolean( object=nil )
-      if object.kind_of? String
-        if object =~ /\d+/u
-          return object.to_f != 0
-        else
-          return object.size > 0
-        end
-      elsif object.kind_of? Array
-        object = object.find{|x| x and true}
+    def Functions::boolean(object=@@context[:node])
+      case object
+      when true, false
+        object
+      when Float
+        return false if object.zero?
+        return false if object.nan?
+        true
+      when Numeric
+        not object.zero?
+      when String
+        not object.empty?
+      when Array
+        not object.empty?
+      else
+        object ? true : false
       end
-      return object ? true : false
     end
 
     # UNTESTED
@@ -383,25 +385,23 @@ module REXML
     #
     # an object of a type other than the four basic types is converted to a
     # number in a way that is dependent on that type
-    def Functions::number( object=nil )
-      object = @@context[:node] unless object
+    def Functions::number(object=@@context[:node])
       case object
       when true
         Float(1)
       when false
         Float(0)
       when Array
-        number(string( object ))
+        number(string(object))
       when Numeric
         object.to_f
       else
-        str = string( object )
-        # If XPath ever gets scientific notation...
-        #if str =~ /^\s*-?(\d*\.?\d+|\d+\.)([Ee]\d*)?\s*$/
-        if str =~ /^\s*-?(\d*\.?\d+|\d+\.)\s*$/
-          str.to_f
+        str = string(object)
+        case str.strip
+        when /\A\s*(-?(?:\d+(?:\.\d*)?|\.\d+))\s*\z/
+          $1.to_f
         else
-          (0.0 / 0.0)
+          Float::NAN
         end
       end
     end

data/lib/rexml/light/node.rb

@@ -1,14 +1,6 @@
 # frozen_string_literal: false
 require_relative '../xmltokens'
 
-# [ :element, parent, name, attributes, children* ]
-  # a = Node.new
-  # a << "B"            # => <a>B</a>
-  # a.b                 # => <a>B<b/></a>
-  # a.b[1]                      # => <a>B<b/><b/><a>
-  # a.b[1]["x"] = "y"   # => <a>B<b/><b x="y"/></a>
-  # a.b[0].c            # => <a>B<b><c/></b><b x="y"/></a>
-  # a.b.c << "D"                # => <a>B<b><c>D</c></b><b x="y"/></a>
 module REXML
   module Light
     # Represents a tagged XML element.  Elements are characterized by

data/lib/rexml/parsers/baseparser.rb

@@ -50,7 +50,6 @@ module REXML
 
       DOCTYPE_START = /\A\s*<!DOCTYPE\s/um
       DOCTYPE_END = /\A\s*\]\s*>/um
-      DOCTYPE_PATTERN = /\s*<!DOCTYPE\s+(.*?)(\[|>)/um
       ATTRIBUTE_PATTERN = /\s*(#{QNAME_STR})\s*=\s*(["'])(.*?)\4/um
       COMMENT_START = /\A<!--/u
       COMMENT_PATTERN = /<!--(.*?)-->/um
@@ -61,15 +60,14 @@ module REXML
       XMLDECL_PATTERN = /<\?xml\s+(.*?)\?>/um
       INSTRUCTION_START = /\A<\?/u
       INSTRUCTION_PATTERN = /<\?#{NAME}(\s+.*?)?\?>/um
-      TAG_MATCH = /^<((?>#{QNAME_STR}))/um
-      CLOSE_MATCH = /^\s*<\/(#{QNAME_STR})\s*>/um
+      TAG_MATCH = /\A<((?>#{QNAME_STR}))/um
+      CLOSE_MATCH = /\A\s*<\/(#{QNAME_STR})\s*>/um
 
       VERSION = /\bversion\s*=\s*["'](.*?)['"]/um
       ENCODING = /\bencoding\s*=\s*["'](.*?)['"]/um
       STANDALONE = /\bstandalone\s*=\s*["'](.*?)['"]/um
 
       ENTITY_START = /\A\s*<!ENTITY/
-      IDENTITY = /^([!\*\w\-]+)(\s+#{NCNAME_STR})?(\s+["'](.*?)['"])?(\s+['"](.*?)["'])?/u
       ELEMENTDECL_START = /\A\s*<!ELEMENT/um
       ELEMENTDECL_PATTERN = /\A\s*(<!ELEMENT.*?)>/um
       SYSTEMENTITY = /\A\s*(%.*?;)\s*$/um
@@ -83,9 +81,6 @@ module REXML
       ATTDEF_RE = /#{ATTDEF}/
       ATTLISTDECL_START = /\A\s*<!ATTLIST/um
       ATTLISTDECL_PATTERN = /\A\s*<!ATTLIST\s+#{NAME}(?:#{ATTDEF})*\s*>/um
-      NOTATIONDECL_START = /\A\s*<!NOTATION/um
-      PUBLIC = /\A\s*<!NOTATION\s+(\w[\-\w]*)\s+(PUBLIC)\s+(["'])(.*?)\3(?:\s+(["'])(.*?)\5)?\s*>/um
-      SYSTEM = /\A\s*<!NOTATION\s+(\w[\-\w]*)\s+(SYSTEM)\s+(["'])(.*?)\3\s*>/um
 
       TEXT_PATTERN = /\A([^<]*)/um
 
@@ -103,6 +98,11 @@ module REXML
       GEDECL = "<!ENTITY\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
       ENTITYDECL = /\s*(?:#{GEDECL})|(?:#{PEDECL})/um
 
+      NOTATIONDECL_START = /\A\s*<!NOTATION/um
+      EXTERNAL_ID_PUBLIC = /\A\s*PUBLIC\s+#{PUBIDLITERAL}\s+#{SYSTEMLITERAL}\s*/um
+      EXTERNAL_ID_SYSTEM = /\A\s*SYSTEM\s+#{SYSTEMLITERAL}\s*/um
+      PUBLIC_ID = /\A\s*PUBLIC\s+#{PUBIDLITERAL}\s*/um
+
       EREFERENCE = /&(?!#{NAME};)/
 
       DEFAULT_ENTITIES = {
@@ -195,11 +195,9 @@ module REXML
         return [ :end_document ] if empty?
         return @stack.shift if @stack.size > 0
         #STDERR.puts @source.encoding
-        @source.read if @source.buffer.size<2
         #STDERR.puts "BUFFER = #{@source.buffer.inspect}"
         if @document_status == nil
-          #@source.consume( /^\s*/um )
-          word = @source.match( /^((?:\s+)|(?:<[^>]*>))/um )
+          word = @source.match( /\A((?:\s+)|(?:<[^>]*>))/um )
           word = word[1] unless word.nil?
           #STDERR.puts "WORD = #{word.inspect}"
           case word
@@ -224,38 +222,49 @@ module REXML
           when INSTRUCTION_START
             return process_instruction
           when DOCTYPE_START
-            md = @source.match( DOCTYPE_PATTERN, true )
+            base_error_message = "Malformed DOCTYPE"
+            @source.match(DOCTYPE_START, true)
             @nsstack.unshift(curr_ns=Set.new)
-            identity = md[1]
-            close = md[2]
-            identity =~ IDENTITY
-            name = $1
-            raise REXML::ParseException.new("DOCTYPE is missing a name") if name.nil?
-            pub_sys = $2.nil? ? nil : $2.strip
-            long_name = $4.nil? ? nil : $4.strip
-            uri = $6.nil? ? nil : $6.strip
-            args = [ :start_doctype, name, pub_sys, long_name, uri ]
-            if close == ">"
+            name = parse_name(base_error_message)
+            if @source.match(/\A\s*\[/um, true)
+              id = [nil, nil, nil]
+              @document_status = :in_doctype
+            elsif @source.match(/\A\s*>/um, true)
+              id = [nil, nil, nil]
               @document_status = :after_doctype
-              @source.read if @source.buffer.size<2
-              md = @source.match(/^\s*/um, true)
-              @stack << [ :end_doctype ]
             else
-              @document_status = :in_doctype
+              id = parse_id(base_error_message,
+                            accept_external_id: true,
+                            accept_public_id: false)
+              if id[0] == "SYSTEM"
+                # For backward compatibility
+                id[1], id[2] = id[2], nil
+              end
+              if @source.match(/\A\s*\[/um, true)
+                @document_status = :in_doctype
+              elsif @source.match(/\A\s*>/um, true)
+                @document_status = :after_doctype
+              else
+                message = "#{base_error_message}: garbage after external ID"
+                raise REXML::ParseException.new(message, @source)
+              end
+            end
+            args = [:start_doctype, name, *id]
+            if @document_status == :after_doctype
+              @source.match(/\A\s*/um, true)
+              @stack << [ :end_doctype ]
             end
             return args
-          when /^\s+/
+          when /\A\s+/
           else
             @document_status = :after_doctype
-            @source.read if @source.buffer.size<2
-            md = @source.match(/\s*/um, true)
             if @source.encoding == "UTF-8"
               @source.buffer.force_encoding(::Encoding::UTF_8)
             end
           end
         end
         if @document_status == :in_doctype
-          md = @source.match(/\s*(.*?>)/um)
+          md = @source.match(/\A\s*(.*?>)/um)
           case md[1]
           when SYSTEMENTITY
             match = @source.match( SYSTEMENTITY, true )[1]
@@ -312,29 +321,44 @@ module REXML
             end
             return [ :attlistdecl, element, pairs, contents ]
           when NOTATIONDECL_START
-            md = nil
-            if @source.match( PUBLIC )
-              md = @source.match( PUBLIC, true )
-              vals = [md[1],md[2],md[4],md[6]]
-            elsif @source.match( SYSTEM )
-              md = @source.match( SYSTEM, true )
-              vals = [md[1],md[2],nil,md[4]]
-            else
-              raise REXML::ParseException.new( "error parsing notation: no matching pattern", @source )
+            base_error_message = "Malformed notation declaration"
+            unless @source.match(/\A\s*<!NOTATION\s+/um, true)
+              if @source.match(/\A\s*<!NOTATION\s*>/um)
+                message = "#{base_error_message}: name is missing"
+              else
+                message = "#{base_error_message}: invalid declaration name"
+              end
+              raise REXML::ParseException.new(message, @source)
+            end
+            name = parse_name(base_error_message)
+            id = parse_id(base_error_message,
+                          accept_external_id: true,
+                          accept_public_id: true)
+            unless @source.match(/\A\s*>/um, true)
+              message = "#{base_error_message}: garbage before end >"
+              raise REXML::ParseException.new(message, @source)
             end
-            return [ :notationdecl, *vals ]
+            return [:notationdecl, name, *id]
           when DOCTYPE_END
             @document_status = :after_doctype
             @source.match( DOCTYPE_END, true )
             return [ :end_doctype ]
           end
         end
+        if @document_status == :after_doctype
+          @source.match(/\A\s*/um, true)
+        end
         begin
+          @source.read if @source.buffer.size<2
           if @source.buffer[0] == ?<
             if @source.buffer[1] == ?/
               @nsstack.shift
               last_tag = @tags.pop
               md = @source.match( CLOSE_MATCH, true )
+              if md and !last_tag
+                message = "Unexpected top-level end tag (got '#{md[1]}')"
+                raise REXML::ParseException.new(message, @source)
+              end
               if md.nil? or last_tag != md[1]
                 message = "Missing end tag for '#{last_tag}'"
                 message << " (got '#{md[1]}')" if md
@@ -368,6 +392,7 @@ module REXML
               unless md
                 raise REXML::ParseException.new("malformed XML: missing tag start", @source)
               end
+              @document_status = :in_element
               prefixes = Set.new
               prefixes << md[2] if md[2]
               @nsstack.unshift(curr_ns=Set.new)
@@ -473,6 +498,85 @@ module REXML
         true
       end
 
+      def parse_name(base_error_message)
+        md = @source.match(/\A\s*#{NAME}/um, true)
+        unless md
+          if @source.match(/\A\s*\S/um)
+            message = "#{base_error_message}: invalid name"
+          else
+            message = "#{base_error_message}: name is missing"
+          end
+          raise REXML::ParseException.new(message, @source)
+        end
+        md[1]
+      end
+
+      def parse_id(base_error_message,
+                   accept_external_id:,
+                   accept_public_id:)
+        if accept_external_id and (md = @source.match(EXTERNAL_ID_PUBLIC, true))
+          pubid = system = nil
+          pubid_literal = md[1]
+          pubid = pubid_literal[1..-2] if pubid_literal # Remove quote
+          system_literal = md[2]
+          system = system_literal[1..-2] if system_literal # Remove quote
+          ["PUBLIC", pubid, system]
+        elsif accept_public_id and (md = @source.match(PUBLIC_ID, true))
+          pubid = system = nil
+          pubid_literal = md[1]
+          pubid = pubid_literal[1..-2] if pubid_literal # Remove quote
+          ["PUBLIC", pubid, nil]
+        elsif accept_external_id and (md = @source.match(EXTERNAL_ID_SYSTEM, true))
+          system = nil
+          system_literal = md[1]
+          system = system_literal[1..-2] if system_literal # Remove quote
+          ["SYSTEM", nil, system]
+        else
+          details = parse_id_invalid_details(accept_external_id: accept_external_id,
+                                             accept_public_id: accept_public_id)
+          message = "#{base_error_message}: #{details}"
+          raise REXML::ParseException.new(message, @source)
+        end
+      end
+
+      def parse_id_invalid_details(accept_external_id:,
+                                   accept_public_id:)
+        public = /\A\s*PUBLIC/um
+        system = /\A\s*SYSTEM/um
+        if (accept_external_id or accept_public_id) and @source.match(/#{public}/um)
+          if @source.match(/#{public}(?:\s+[^'"]|\s*[\[>])/um)
+            return "public ID literal is missing"
+          end
+          unless @source.match(/#{public}\s+#{PUBIDLITERAL}/um)
+            return "invalid public ID literal"
+          end
+          if accept_public_id
+            if @source.match(/#{public}\s+#{PUBIDLITERAL}\s+[^'"]/um)
+              return "system ID literal is missing"
+            end
+            unless @source.match(/#{public}\s+#{PUBIDLITERAL}\s+#{SYSTEMLITERAL}/um)
+              return "invalid system literal"
+            end
+            "garbage after system literal"
+          else
+            "garbage after public ID literal"
+          end
+        elsif accept_external_id and @source.match(/#{system}/um)
+          if @source.match(/#{system}(?:\s+[^'"]|\s*[\[>])/um)
+            return "system literal is missing"
+          end
+          unless @source.match(/#{system}\s+#{SYSTEMLITERAL}/um)
+            return "invalid system literal"
+          end
+          "garbage after system literal"
+        else
+          unless @source.match(/\A\s*(?:PUBLIC|SYSTEM)\s/um)
+            return "invalid ID type"
+          end
+          "ID type is missing"
+        end
+      end
+
       def process_instruction
         match_data = @source.match(INSTRUCTION_PATTERN, true)
         unless match_data

data/lib/rexml/parsers/xpathparser.rb

@@ -22,7 +22,13 @@ module REXML
         path.gsub!(/([\(\[])\s+/, '\1') # Strip ignorable spaces
         path.gsub!( /\s+([\]\)])/, '\1')
         parsed = []
-        OrExpr(path, parsed)
+        rest = OrExpr(path, parsed)
+        if rest
+          unless rest.strip.empty?
+            raise ParseException.new("Garbage component exists at the end: " +
+                                     "<#{rest}>: <#{path}>")
+          end
+        end
         parsed
       end
 
@@ -229,24 +235,28 @@ module REXML
               path = path[1..-1]
             end
           else
+            path_before_axis_specifier = path
+            parsed_not_abberviated = []
             if path[0] == ?@
-              parsed << :attribute
+              parsed_not_abberviated << :attribute
               path = path[1..-1]
               # Goto Nodetest
             elsif path =~ AXIS
-              parsed << $1.tr('-','_').intern
+              parsed_not_abberviated << $1.tr('-','_').intern
               path = $'
               # Goto Nodetest
             else
-              parsed << :child
+              parsed_not_abberviated << :child
             end
 
-            n = []
-            path = NodeTest( path, n)
-
-            path = Predicate( path, n )
+            path_before_node_test = path
+            path = NodeTest(path, parsed_not_abberviated)
+            if path == path_before_node_test
+              return path_before_axis_specifier
+            end
+            path = Predicate(path, parsed_not_abberviated)
 
-            parsed.concat(n)
+            parsed.concat(parsed_not_abberviated)
           end
 
           original_path = path
@@ -301,7 +311,9 @@ module REXML
         when PI
           path = $'
           literal = nil
-          if path !~ /^\s*\)/
+          if path =~ /^\s*\)/
+            path = $'
+          else
             path =~ LITERAL
             literal = $1
             path = $'
@@ -545,7 +557,9 @@ module REXML
       #| PrimaryExpr
       def FilterExpr path, parsed
         n = []
-        path = PrimaryExpr( path, n )
+        path_before_primary_expr = path
+        path = PrimaryExpr(path, n)
+        return path_before_primary_expr if path == path_before_primary_expr
         path = Predicate(path, n)
         parsed.concat(n)
         path