Server does not parse huge files

[astahovn]

$server = new \Zend\Soap\Server(...);
...
$response = $server->handle($request = file_get_contents('php://input'));

When request is more than 10Mb, we get "Invalid XML" error. The cause in Server->setRequest() method:
789 $dom = new DOMDocument();
790 $loadStatus = $dom->loadXML($xml);

, where loadXML(..) method called without param LIBXML_PARSEHUGE.

Is it bug or feature?

[adamlundrigan]

IIRC that flag turns on protections to prevent a wide range of nastiness when reading XML documents (some info here and in the PHP bug report which resulted in LIBXML_PARSEHUGE being added). One of those protections is limiting a single node to 10MB.

We could add a boolean option to the Zend\Soap\Server class (parse_huge?) to allow toggling this flag on a case-by-case basis, eg:

$server = new \Zend\Soap\Server($wsdl, [
    'parse_huge' => true
]);

[weierophinney]

The flag LIBXML_PARSEHUGE was introduced after original incarnations of this particular library, and was simply missed over time; nobody has requested it.

I agree that we should likely support it; I also agree with @adamlundrigan that it should likely be configurable (as the reason large files are not accepted by default is a protection against DoS attacks).

Adding the flag would be trivial; if somebody would like to create a pull request and link it to this issue, we'll certainly review it for inclusion.

[stormwild]

Hi sent pull request: #36