summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott MacVicar <scottmac@php.net>2014-01-06 17:05:34 +0000
committerScott MacVicar <scottmac@php.net>2014-01-06 17:05:34 +0000
commit28beaaad9c1053490827f97fdb99f418ae1514f6 (patch)
tree2afea07e96326bff2a938a2016aedbe5989602e3
parent61e1f79585dd610b0390be4792ef3e98906644af (diff)
parent42f084c692bca98e3129bddb3b6b0d213eff12e8 (diff)
downloadphp-git-28beaaad9c1053490827f97fdb99f418ae1514f6.tar.gz
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5: [libxml] Unit test for libxml_disable_entity_loader()
-rw-r--r--ext/libxml/tests/libxml_disable_entity_loader.phpt41
-rw-r--r--ext/libxml/tests/libxml_disable_entity_loader_payload.txt1
2 files changed, 42 insertions, 0 deletions
diff --git a/ext/libxml/tests/libxml_disable_entity_loader.phpt b/ext/libxml/tests/libxml_disable_entity_loader.phpt
new file mode 100644
index 0000000000..6477543fb2
--- /dev/null
+++ b/ext/libxml/tests/libxml_disable_entity_loader.phpt
@@ -0,0 +1,41 @@
+--TEST--
+libxml_disable_entity_loader()
+--SKIPIF--
+<?php if (!extension_loaded('libxml') || !extension_loaded('dom') || defined('PHP_WINDOWS_VERSION_MAJOR')) die('skip'); ?>
+--FILE--
+<?php
+
+$xml = <<<EOT
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [<!ENTITY xxe SYSTEM "XXE_URI">]>
+<foo>&xxe;</foo>
+EOT;
+
+$xml = str_replace('XXE_URI', __DIR__ . '/libxml_disable_entity_loader_payload.txt', $xml);
+
+function parseXML($xml) {
+ $doc = new DOMDocument();
+ $doc->resolveExternals = true;
+ $doc->substituteEntities = true;
+ $doc->validateOnParse = false;
+ $doc->loadXML($xml, 0);
+ return $doc->saveXML();
+}
+
+var_dump(strpos(parseXML($xml), 'SECRET_DATA') !== false);
+var_dump(libxml_disable_entity_loader(true));
+var_dump(strpos(parseXML($xml), 'SECRET_DATA') === false);
+
+echo "Done\n";
+?>
+--EXPECTF--
+bool(true)
+bool(false)
+
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "%s" in %s on line %d
+
+Warning: DOMDocument::loadXML(): Failure to process entity xxe in Entity, line: %d in %s on line %d
+
+Warning: DOMDocument::loadXML(): Entity 'xxe' not defined in Entity, line: %d in %s on line %d
+bool(true)
+Done
diff --git a/ext/libxml/tests/libxml_disable_entity_loader_payload.txt b/ext/libxml/tests/libxml_disable_entity_loader_payload.txt
new file mode 100644
index 0000000000..3b8a43cc1d
--- /dev/null
+++ b/ext/libxml/tests/libxml_disable_entity_loader_payload.txt
@@ -0,0 +1 @@
+SECRET_DATA \ No newline at end of file