Skip to content

Commit

Permalink
case-insensitive charset name in xml scanner
Browse files Browse the repository at this point in the history
  • Loading branch information
MarkBaker committed Jul 3, 2019
1 parent 6ab969e commit d4eab49
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/PhpSpreadsheet/Reader/Security/XmlScanner.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ private function toUtf8($xml)
$xml = mb_convert_encoding($xml, 'UTF-8', $charset);

$result = preg_match($pattern, $xml, $matches);
$charset = $result ? $matches[1] : 'UTF-8';
$charset = strtoupper($result ? $matches[1] : 'UTF-8');
if ($charset !== 'UTF-8') {
throw new Reader\Exception('Suspicious Double-encoded XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
}
Expand Down

0 comments on commit d4eab49

Please sign in to comment.