src/PhpSpreadsheet/Reader/BaseReader.php 1 location
|
@@ 275-283 (lines=9) @@
|
| 272 |
|
* @param string $xml |
| 273 |
|
* @throws Exception |
| 274 |
|
*/ |
| 275 |
|
public function securityScan($xml) |
| 276 |
|
{ |
| 277 |
|
$pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/'; |
| 278 |
|
if (preg_match($pattern, $xml)) { |
| 279 |
|
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); |
| 280 |
|
} |
| 281 |
|
|
| 282 |
|
return $xml; |
| 283 |
|
} |
| 284 |
|
|
| 285 |
|
/** |
| 286 |
|
* Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks |
src/PhpSpreadsheet/Reader/HTML.php 1 location
|
@@ 559-567 (lines=9) @@
|
| 556 |
|
* @param string $xml |
| 557 |
|
* @throws Exception |
| 558 |
|
*/ |
| 559 |
|
public function securityScan($xml) |
| 560 |
|
{ |
| 561 |
|
$pattern = '/\\0?' . implode('\\0?', str_split('<!ENTITY')) . '\\0?/'; |
| 562 |
|
if (preg_match($pattern, $xml)) { |
| 563 |
|
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); |
| 564 |
|
} |
| 565 |
|
|
| 566 |
|
return $xml; |
| 567 |
|
} |
| 568 |
|
} |
| 569 |
|
|
PHPOffice /
PhpSpreadsheet
