src/PhpSpreadsheet/Reader/BaseReader.php 1 location
|
@@ 251-259 (lines=9) @@
|
| 248 |
|
* @param string $xml |
| 249 |
|
* @throws Exception |
| 250 |
|
*/ |
| 251 |
|
public function securityScan($xml) |
| 252 |
|
{ |
| 253 |
|
$pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/'; |
| 254 |
|
if (preg_match($pattern, $xml)) { |
| 255 |
|
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); |
| 256 |
|
} |
| 257 |
|
|
| 258 |
|
return $xml; |
| 259 |
|
} |
| 260 |
|
|
| 261 |
|
/** |
| 262 |
|
* Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks |
src/PhpSpreadsheet/Reader/HTML.php 1 location
|
@@ 565-573 (lines=9) @@
|
| 562 |
|
* @param string $xml |
| 563 |
|
* @throws Exception |
| 564 |
|
*/ |
| 565 |
|
public function securityScan($xml) |
| 566 |
|
{ |
| 567 |
|
$pattern = '/\\0?' . implode('\\0?', str_split('<!ENTITY')) . '\\0?/'; |
| 568 |
|
if (preg_match($pattern, $xml)) { |
| 569 |
|
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); |
| 570 |
|
} |
| 571 |
|
|
| 572 |
|
return $xml; |
| 573 |
|
} |
| 574 |
|
} |
| 575 |
|
|
PHPOffice /
PhpSpreadsheet
