Skip to content
This repository has been archived by the owner on Jan 2, 2019. It is now read-only.

XML External Entity (XXE) Processing #405

Merged
merged 1 commit into from
Jul 27, 2014
Merged

XML External Entity (XXE) Processing #405

merged 1 commit into from
Jul 27, 2014

Conversation

ymaerschalck
Copy link
Contributor

https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

change simplexml_load_file to
simplexml_load_string(file_get_contents()) because load_file doesn't
work when
http://php.net/manual/en/function.libxml-disable-entity-loader.php is
true

XML External Entity (XXE) Processing
0787e56 
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

change simplexml_load_file to
simplexml_load_string(file_get_contents()) because load_file doesn't
work when
http://php.net/manual/en/function.libxml-disable-entity-loader.php is
true
@MarkBaker
Copy link
Member

Thanks! I hadn't realised that libxml_disable_entity_loader(true) triggered different behaviours between simplexml_load_string() and simplexml_load_file().

MarkBaker pushed a commit that referenced this pull request Jul 27, 2014
Merge pull request #405 from ymaerschalck/develop
2a06bc9 
XML External Entity (XXE) Processing
@MarkBaker MarkBaker merged commit 2a06bc9 into PHPOffice:develop Jul 27, 2014
@Progi1984 Progi1984 added this to the 1.8.0 milestone Aug 26, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@MarkBaker MarkBaker

Labels
Source - Pull Request Type - Enhancement
Projects
None yet
Milestone
1.8.0
Development

Successfully merging this pull request may close these issues.
3 participants
@ymaerschalck @MarkBaker @Progi1984