src/PhpSpreadsheet/Reader/Html.php 1 location
|
@@ 573-581 (lines=9) @@
|
| 570 |
|
* |
| 571 |
|
* @throws Exception |
| 572 |
|
*/ |
| 573 |
|
public function securityScan($xml) |
| 574 |
|
{ |
| 575 |
|
$pattern = '/\\0?' . implode('\\0?', str_split('<!ENTITY')) . '\\0?/'; |
| 576 |
|
if (preg_match($pattern, $xml)) { |
| 577 |
|
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); |
| 578 |
|
} |
| 579 |
|
|
| 580 |
|
return $xml; |
| 581 |
|
} |
| 582 |
|
|
| 583 |
|
/** |
| 584 |
|
* Apply inline css inline style. |
src/PhpSpreadsheet/Reader/BaseReader.php 1 location
|
@@ 234-242 (lines=9) @@
|
| 231 |
|
* |
| 232 |
|
* @throws Exception |
| 233 |
|
*/ |
| 234 |
|
public function securityScan($xml) |
| 235 |
|
{ |
| 236 |
|
$pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/'; |
| 237 |
|
if (preg_match($pattern, $xml)) { |
| 238 |
|
throw new Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); |
| 239 |
|
} |
| 240 |
|
|
| 241 |
|
return $xml; |
| 242 |
|
} |
| 243 |
|
|
| 244 |
|
/** |
| 245 |
|
* Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks. |
PHPOffice /
PhpSpreadsheet
