16 Replies Latest reply on Aug 13, 2007 8:10 AM by csawall

    Parse failure because returned data has XML like code

    csawall
      I have an HTTPService that makes a call to a PHP file to gather certain data from a database about some vulnerabilities. It works 99.9% of the time. However there are some instances when I get the following:

      [RPC Fault faultString="Error #1090: XML parser failure: element is malformed." faultCode="Client.CouldNotDecode" faultDetail="null"]
      at mx.rpc.http::HTTPService/http://www.adobe.com/2006/flex/mx/internal::processResult()
      at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::resultHandler()
      at mx.rpc::Responder/result()
      at mx.rpc::AsyncRequest/acknowledge()
      at ::DirectHTTPMessageResponder/completeHandler()
      at flash.events::EventDispatcher/flash.events:EventDispatcher::dispatchEventFunction()
      at flash.events::EventDispatcher/dispatchEvent()
      at flash.net::URLLoader/flash.net:URLLoader::onComplete()

      I have debug in my PHP files and I know with certainty that the data is being grouped into proper XML format for a return response. And when I compare it to every other response that works, it's the exact same (XML sections / tags).

      However, I have noticed that some of the responses have this in the data fields:

      <Directory /usr/doc>
      AllowOverride None
      order deny,allow
      deny from all
      allow from localhost
      </Directory>

      Could this be causing my problem? This is not part of my XML, but rather data returned from the database concerning a particular vulnerability in Apache.

      Does anyone have any ideas on how to deal with this?

      Thanks,
      Chris

        • 1. Re: Parse failure because returned data has XML like code
          ntsiii Level 3
          This: "<Directory /usr/doc>" does not look like valid xml.

          Leave it out of the xml you return.

          Or, you might be able to wrap it in CDATA tags.

          Tracy
          • 2. Re: Parse failure because returned data has XML like code
            csawall Level 1
            Tracy - You are correct, it's not valid XML. It's part of the Apache httpd.conf file. It is being returned as part of the results of a vulnerability scan of which the data is stored in a MySQL db. I'm pulling the data to present in a datagrid along with other pertinent data.

            I can't really leave it out since it's part of the query result and is actually required to help the user understand the findings of the vulnerability scans.

            Does that help clarify the issue? Any other thoughts?

            Thanks,
            Chris
            • 3. Re: Parse failure because returned data has XML like code
              ntsiii Level 3
              You might be able to wrap it in CDATA tags.

              Or re-build it into valid xml.

              Tracy
              • 4. Re: Parse failure because returned data has XML like code
                chris.huston.t10 Level 3
                Just an idea, but if you don't really need xml formatted values returned from PHP, you could set the resultFormat to text so that it does not parse the result.

                resultFormat='text'

                Vygo
                • 5. Re: Parse failure because returned data has XML like code
                  csawall Level 1
                  Tracy and Vygo - Thanks both for the suggestions. My response:

                  I am putting some of the code below in hopes that it will help. I think that the error is actually occurring in the parsing of the XML, so it may not be the DataGrid throwing the error. So I don't think wrapping it in CDATA tags will help. That and I tried putting in CDATA tags, but I'm unsure of how to put a variable into the CDATA tags. I tried data.var, {data.var} and "{data.var}".

                  I think that doing the resultFormat=text is a good idea, especially for that one field, but I need to return it as XML so I can parse it.

                  Here's part of the code, the function to parse the returned data from the HTTPService and the code for the datagrid. "data.df2" is the field in question.

                  [Bindable] private var _xmlUXHDs:XML;
                  private function parseUXHDs(evt:ResultEvent):void {
                  _xmlUXHDs = XML(evt.result);
                  }

                  <mx:DataGrid id="uxdetailed" dataProvider="{_xmlUXHDs.details}" width="100%" height="100%" click="parseUXVS(event)" change="resetuxnotes()">
                  <mx:columns>
                  <mx:DataGridColumn headerText="head1" dataField="df1" width="75" wordWrap="true"/>
                  <mx:DataGridColumn headerText="head2" dataField="df2">
                  <mx:itemRenderer>
                  <mx:Component>
                  <mx:Text htmlText="{data.df2}"/>
                  </mx:Component>
                  </mx:itemRenderer>
                  </mx:DataGridColumn>
                  <mx:DataGridColumn headerText="head3" dataField="df3" width="40"/>
                  <mx:DataGridColumn headerText="head4" dataField="df4" width="50">
                  <mx:itemRenderer>
                  <mx:Component>
                  <mx:LinkButton label="{data.df4}" click="navigateToURL(new URLRequest(data.df4), '_blank')"/>
                  </mx:Component>
                  </mx:itemRenderer>
                  </mx:DataGridColumn>
                  </mx:columns>
                  </mx:DataGrid>

                  Thanks for the help so far.

                  Chris
                  • 6. Re: Parse failure because returned data has XML like code
                    chris.huston.t10 Level 3
                    I think you will need to have PHP format your result so that it is valid XML before you return the result to flex. You could put the <Directory> tag within a CDATA tag as Tracy suggested. When you get your query returned from your DB, check the field for the <Directory> tag and wrap the CDATA around this field:
                    ...
                    $flexResult .= "<![CDATA[";
                    $flexResult .= $directoryField;
                    $flexResult .= "]]>";
                    ...

                    Another option I thought might work would be to alter the <Directory /usr/doc> in the PHP script to make it well formed:
                    <Directory dir="/usr/doc">

                    Vygo
                    • 7. Re: Parse failure because returned data has XML like code
                      csawall Level 1
                      Vygo - I am unsure of the best way to do as you first described. I am able to set the variable like this: $return .= '<datafield><![CDATA["'.$dbrow["data"].'"]]></datafield>'. The PHP debug code I'm outputting definitely shows that is what is being sent to Flex, but I get the exact same error.

                      So I'm looking at your second idea. I'm doing something similar and actually I'm at a point where I'm not getting an XML parse error, but it brings me to another problem, again with the way that Flex is reading the returned data I believe.

                      I changed my PHP code to do this:

                      if(eregi("<Directory", $dbrow["data"]))
                      {
                      $desc=eregi_replace("<","&lt;",$dbrow["data"]);
                      $fdesc=eregi_replace(">","&gt;",$desc);
                      $return .= '<datafield>'.$fdesc.'</datafield>';
                      }
                      else {$return .= '<datafield>'.$dbrow["data"].'</datafield>';}

                      This actually returns data, but it only displays MOST of the data. It returns everything before the characters I replace but nothing of the data that I replaced. I reviewed my debug code and the PHP script is definitely returning all of the data.

                      Is there something with Flex that it doesn't interpret the "&lt;" and "&gt;" entries for HTML?

                      Thanks,
                      Chris
                      • 8. Re: Parse failure because returned data has XML like code
                        ntsiii Level 3
                        Yes, I'm sure. Why are you **** that? Why not just fix the output to: <Directory dir="/usr/doc"> as Vygo suggested?
                        Tracy
                        • 9. Re: Parse failure because returned data has XML like code
                          csawall Level 1
                          Tracy - sorry for the confusion. There are a few reasons why I can not change the data that is actually stored in the database. First, in the Apache httpd.conf file, that is the actual code that is present, so changing the data displayed would confuse the user or could make them act to put in the wrong information into their configuration file. Second, the data is coming from the vendor who provides the vulnerability scanning tool. Third, the "directory" will not always be the same.

                          I hope that helps explain why I can't change the actual data that is stored in the db.

                          Any thoughts on my question?

                          Thanks,
                          chris
                          • 10. Re: Parse failure because returned data has XML like code
                            chris.huston.t10 Level 3
                            I made a test app to check the CDATA return from PHP:
                            http://www.mgu.ac.jp/eibunka/flex/xmlTester.html

                            Here is the flex app:

                            <?xml version="1.0" encoding="utf-8"?>
                            <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute" creationComplete="getXML.send()">
                            <mx:HTTPService
                            id="getXML"
                            method="POST"
                            result="initXML(event)"
                            resultFormat="e4x"
                            url="http://www.mgu.ac.jp/eibunka/php/xmlTest.php"
                            useProxy="false"/>

                            <mx:Script>
                            <![CDATA[
                            import mx.rpc.events.ResultEvent;

                            private function initXML(evt:ResultEvent):void {
                            tester.dataProvider = evt.result.rec;
                            }
                            ]]>
                            </mx:Script>
                            <mx:DataGrid x="252" y="65" id="tester" width="424">
                            <mx:columns>
                            <mx:DataGridColumn headerText="Num" dataField="num"/>
                            <mx:DataGridColumn headerText="DataField" dataField="datafield"/>
                            </mx:columns>
                            </mx:DataGrid>
                            </mx:Application>

                            Here is the PHP:

                            <?php
                            $data1 = '<Directory /usr/doc>
                            AllowOverride None
                            order deny,allow
                            deny from all
                            allow from localhost
                            </Directory>';
                            $data4 = '<Directory /all/doc>
                            AllowOverride All
                            order deny,allow
                            deny from all
                            allow from localhost
                            </Directory>';
                            $return = "<info>";
                            $return .= '<rec><num>test 1</num><datafield><![CDATA['.$data1.']]></datafield></rec>';
                            $return .= '<rec><num>test 2</num><datafield>some data 2</datafield></rec>';
                            $return .= '<rec><num>test 3</num><datafield>some data 3</datafield></rec>';
                            $return .= '<rec><num>test 4</num><datafield><![CDATA['.$data4.']]></datafield></rec>';
                            $return .= '</info>';
                            echo $return;
                            ?>

                            This works for me without any errors. Try testing the above code with your PHP setup and see if you get an error.

                            Vygo
                            • 11. Re: Parse failure because returned data has XML like code
                              ntsiii Level 3
                              "..change the actual data that is stored in the db.." neither of us were suggesting that, just that you modify the invalid XML by turning the invalid string into an attribute.

                              But it looks like Vygo has your solution.

                              Tracy
                              • 12. Re: Parse failure because returned data has XML like code
                                csawall Level 1
                                Tracy - got your reply, thanks.

                                Vygo - Working from your example, it's pretty much what I tried before. But I did it again - and no errors this time. So maybe I had a mistype before. HOWEVER, not all of the data is displaying. I am going to paste actual data from the returned data so you can see it.

                                <description><![CDATA[The /doc directory is browsable.
                                /doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed pro
                                grams.

                                Solution : Use access restrictions for the /doc directory.
                                If you use Apache you might use this in your access.conf:

                                <Directory /usr/doc>
                                AllowOverride None
                                order deny,allow
                                deny from all
                                allow from localhost
                                </Directory>


                                ]]></description>

                                The above shows up in the PHP debug code I have and is sending it to the Flex app. But the Datagrid is not displaying anything between the two "directory" tags, just a bunch of whitespace. Does that make sense?

                                Also, the only deviation I really have from your code is that I set the XML to a variable (as in my code below) and you set the dataprovider for the Datagrid. But I don't think that should matter, right?

                                Thanks,
                                chris
                                • 13. Re: Parse failure because returned data has XML like code
                                  ntsiii Level 3
                                  <![CDATA is an xml node type. I am not sure, but it might require some special handling to reference it. This would entail labelFunction for that column. I do not know offhand the way to access a cdata node.

                                  Tracy
                                  • 14. Re: Parse failure because returned data has XML like code
                                    chris.huston.t10 Level 3
                                    What is your resultFormat? This might be causing the problem. Try setting the result format to e4x as in my example. I updated my example to include your PHP result from your last post. Right click on my example to see the source, including my PHP file. The data is showing up in the dataGrid so the CDATA solution seems to be working. It must just be some small problem with your PHP or the resultFormat in Flex. Have a look and see if we can't get this working for you.

                                    http://www.mgu.ac.jp/eibunka/flex/xmlTester.html

                                    Vygo

                                    • 15. Re: Parse failure because returned data has XML like code
                                      csawall Level 1
                                      Vygo - Thanks for sticking with me on this. I am using the e4x format. I will check out your code on Monday, I'm just about to leave for a 3 day trip away from here!

                                      Here's my HTTPService call:

                                      <mx:HTTPService id="uxhostdetails" url="{_xmlBaseURL}main/hostdetails.php" result="parseUXHDs(event)" resultFormat="e4x" useProxy="false" method="POST" showBusyCursor="true">
                                      <mx:request xmlns="">
                                      <qrtrdisp>{dates.text}</qrtrdisp><server>{uxhn.text}</server>
                                      </mx:request>
                                      </mx:HTTPService>


                                      And part of my PHP:
                                      while($vrow = mysql_fetch_array($vresult))
                                      {
                                      $return .= '<riskdetails>';
                                      <---- SNIP ------>
                                      $return .= '<description><![CDATA['.$vrow["msg"].']]></description>';
                                      $return .= '</riskdetails>';
                                      }

                                      Thanks,
                                      chris
                                      • 16. Re: Parse failure because returned data has XML like code
                                        csawall Level 1
                                        Vygo - That's it! All is working. My PHP was ok, and technically the MXML was ok too. For whatever reason, I was using an ItemRenderer within the DataGrid to display the HTMLText. Once I removed this section:

                                        <mx:itemRenderer>
                                        <mx:Component>
                                        <mx:Text htmlText="{data.df2}"/>
                                        </mx:Component>
                                        </mx:itemRenderer>

                                        And just kept this part:

                                        <mx:DataGridColumn headerText="Description" dataField="description"/>

                                        It started working. So thank you very much for your time and help!

                                        Thanks,
                                        chris
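
The two server-side approaches discussed in this thread (entity-escaping in reply 7, CDATA wrapping in reply 10), shown as an added example that is not code from any poster. It goes slightly beyond the thread by handling a field that itself contains `]]>`, which would otherwise end the CDATA section early and let stored text alter the response structure. The `<escaped>` element, the helper names and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Element names follow the posts above;
// the sample rows are constructed.

// Escape text for use as XML element content (the &lt; / &gt; approach).
function xmlText(string $s): string
{
    return htmlspecialchars($s, ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

// Wrap text in CDATA. A literal "]]>" in the data would end the section early,
// so it is split across two adjacent CDATA sections.
function xmlCdata(string $s): string
{
    return '<![CDATA[' . str_replace(']]>', ']]]]><![CDATA[>', $s) . ']]>';
}

// Constructed rows standing in for the scanner's "msg" column.
$rows = [
    "Use this in access.conf:\n<Directory /usr/doc>\ndeny from all\n</Directory>",
    "a & b ]]></description><riskdetails><description>spoofed finding",
];

$return = '<info>';
foreach ($rows as $msg) {
    $return .= '<riskdetails>';
    $return .= '<description>' . xmlCdata($msg) . '</description>';
    $return .= '<escaped>' . xmlText($msg) . '</escaped>';
    $return .= '</riskdetails>';
}
$return .= '</info>';

// Self-check: parse the response and confirm that each row comes back
// byte-for-byte and that no extra <riskdetails> record was introduced.
$doc = new DOMDocument();
if (!$doc->loadXML($return)) {
    exit("response is not well-formed XML\n");
}
$records = $doc->getElementsByTagName('riskdetails');
printf("records: %d (expected %d)\n", $records->length, count($rows));
for ($i = 0; $i < $records->length; $i++) {
    $rec = $records->item($i);
    $fromCdata = $rec->getElementsByTagName('description')->item(0)->textContent;
    $fromEscaped = $rec->getElementsByTagName('escaped')->item(0)->textContent;
    printf("row %d round-trips: %s\n", $i,
        ($fromCdata === $rows[$i] && $fromEscaped === $rows[$i]) ? 'yes' : 'no');
}
```

Either helper delivers the original text to the client unchanged. On the Flex side the field should then be shown as plain text, as the final post found, because an `htmlText` binding treats the decoded `<Directory>` block as markup instead of displaying it.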