src/PhpSpreadsheet/Reader/BaseReader.php 1 location
|
@@ 256-264 (lines=9) @@
|
| 253 |
|
* |
| 254 |
|
* @throws Exception |
| 255 |
|
*/ |
| 256 |
|
public function securityScan($xml) |
| 257 |
|
{ |
| 258 |
|
$pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/'; |
| 259 |
|
if (preg_match($pattern, $xml)) { |
| 260 |
|
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); |
| 261 |
|
} |
| 262 |
|
|
| 263 |
|
return $xml; |
| 264 |
|
} |
| 265 |
|
|
| 266 |
|
/** |
| 267 |
|
* Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks. |
src/PhpSpreadsheet/Reader/HTML.php 1 location
|
@@ 573-581 (lines=9) @@
|
| 570 |
|
* |
| 571 |
|
* @throws Exception |
| 572 |
|
*/ |
| 573 |
|
public function securityScan($xml) |
| 574 |
|
{ |
| 575 |
|
$pattern = '/\\0?' . implode('\\0?', str_split('<!ENTITY')) . '\\0?/'; |
| 576 |
|
if (preg_match($pattern, $xml)) { |
| 577 |
|
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); |
| 578 |
|
} |
| 579 |
|
|
| 580 |
|
return $xml; |
| 581 |
|
} |
| 582 |
|
} |
| 583 |
|
|
PHPOffice /
PhpSpreadsheet
