clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 10:27:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
824d1f95ad
php-src/ext/libxml/tests/libxml_entity_loading_disabled_by_default.phpt
Patrick Allaert ac18dd0dc7 Prefer EXPECT over EXPECTF
2021-06-29 17:13:02 +02:00

53 lines
1.1 KiB
PHP
Raw Blame History

--TEST--
libxml_disable_entity_loader()
--EXTENSIONS--
libxml
dom
--FILE--
<?php
$xml = <<<EOT
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [<!ENTITY xxe SYSTEM "XXE_URI">]>
<foo>&xxe;</foo>
EOT;
$dir = str_replace('\\', '/', __DIR__);
$xml = str_replace('XXE_URI', $dir . '/libxml_disable_entity_loader_payload.txt', $xml);
function parseXML1($xml) {
$doc = new DOMDocument();
$doc->loadXML($xml, 0);
return $doc->saveXML();
}
function parseXML2($xml) {
return simplexml_load_string($xml);
}
function parseXML3($xml) {
$p = xml_parser_create();
xml_parse_into_struct($p, $xml, $vals, $index);
xml_parser_free($p);
return var_export($vals, true);
}
function parseXML4($xml) {
// This is the only time we enable external entity loading.
return simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOENT);
}
var_dump(strpos(parseXML1($xml), 'SECRET_DATA') === false);
var_dump(strpos(parseXML2($xml), 'SECRET_DATA') === false);
var_dump(strpos(parseXML3($xml), 'SECRET_DATA') === false);
var_dump(strpos(parseXML4($xml), 'SECRET_DATA') === false);
echo "Done\n";
?>
--EXPECT--
bool(true)
bool(true)
bool(true)
bool(false)
Done
Reference in New Issue View Git Blame Copy Permalink