mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
[libxml] Unit test for libxml_disable_entity_loader()
Summary: Test to make sure libxml_disable_entity_loader() is behaving.
This commit is contained in:
parent
1c586d4070
commit
24cc7c0be2
41
ext/libxml/tests/libxml_disable_entity_loader.phpt
Normal file
41
ext/libxml/tests/libxml_disable_entity_loader.phpt
Normal file
@ -0,0 +1,41 @@
|
||||
--TEST--
|
||||
libxml_disable_entity_loader()
|
||||
--SKIPIF--
|
||||
<?php if (!extension_loaded('libxml') || !extension_loaded('dom') || defined('PHP_WINDOWS_VERSION_MAJOR')) die('skip'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
$xml = <<<EOT
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE test [<!ENTITY xxe SYSTEM "XXE_URI">]>
|
||||
<foo>&xxe;</foo>
|
||||
EOT;
|
||||
|
||||
$xml = str_replace('XXE_URI', __DIR__ . '/libxml_disable_entity_loader_payload.txt', $xml);
|
||||
|
||||
function parseXML($xml) {
|
||||
$doc = new DOMDocument();
|
||||
$doc->resolveExternals = true;
|
||||
$doc->substituteEntities = true;
|
||||
$doc->validateOnParse = false;
|
||||
$doc->loadXML($xml, 0);
|
||||
return $doc->saveXML();
|
||||
}
|
||||
|
||||
var_dump(strpos(parseXML($xml), 'SECRET_DATA') !== false);
|
||||
var_dump(libxml_disable_entity_loader(true));
|
||||
var_dump(strpos(parseXML($xml), 'SECRET_DATA') === false);
|
||||
|
||||
echo "Done\n";
|
||||
?>
|
||||
--EXPECTF--
|
||||
bool(true)
|
||||
bool(false)
|
||||
|
||||
Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "%s" in %s on line %d
|
||||
|
||||
Warning: DOMDocument::loadXML(): Failure to process entity xxe in Entity, line: %d in %s on line %d
|
||||
|
||||
Warning: DOMDocument::loadXML(): Entity 'xxe' not defined in Entity, line: %d in %s on line %d
|
||||
bool(true)
|
||||
Done
|
@ -0,0 +1 @@
|
||||
SECRET_DATA
|
Loading…
Reference in New Issue
Block a user