author | Scott MacVicar <scottmac@php.net> | 2014-01-06 17:05:34 +0000 |
---|---|---|
committer | Scott MacVicar <scottmac@php.net> | 2014-01-06 17:05:34 +0000 |
commit | 28beaaad9c1053490827f97fdb99f418ae1514f6 (patch) | |
tree | 2afea07e96326bff2a938a2016aedbe5989602e3 | |
parent | 61e1f79585dd610b0390be4792ef3e98906644af (diff) | |
parent | 42f084c692bca98e3129bddb3b6b0d213eff12e8 (diff) | |
download | php-git-28beaaad9c1053490827f97fdb99f418ae1514f6.tar.gz |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
[libxml] Unit test for libxml_disable_entity_loader()
-rw-r--r-- | ext/libxml/tests/libxml_disable_entity_loader.phpt | 41 | ||||
-rw-r--r-- | ext/libxml/tests/libxml_disable_entity_loader_payload.txt | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/ext/libxml/tests/libxml_disable_entity_loader.phpt b/ext/libxml/tests/libxml_disable_entity_loader.phpt
new file mode 100644
index 0000000000..6477543fb2
--- /dev/null
+++ b/ext/libxml/tests/libxml_disable_entity_loader.phpt
@@ -0,0 +1,41 @@
+--TEST--
+libxml_disable_entity_loader()
+--SKIPIF--
+<?php if (!extension_loaded('libxml') || !extension_loaded('dom') || defined('PHP_WINDOWS_VERSION_MAJOR')) die('skip'); ?>
+--FILE--
+<?php
+
+$xml = <<<EOT
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [<!ENTITY xxe SYSTEM "XXE_URI">]>
+<foo>&xxe;</foo>
+EOT;
+
+$xml = str_replace('XXE_URI', __DIR__ . '/libxml_disable_entity_loader_payload.txt', $xml);
+
+function parseXML($xml) {
+ $doc = new DOMDocument();
+ $doc->resolveExternals = true;
+ $doc->substituteEntities = true;
+ $doc->validateOnParse = false;
+ $doc->loadXML($xml, 0);
+ return $doc->saveXML();
+}
+
+var_dump(strpos(parseXML($xml), 'SECRET_DATA') !== false);
+var_dump(libxml_disable_entity_loader(true));
+var_dump(strpos(parseXML($xml), 'SECRET_DATA') === false);
+
+echo "Done\n";
+?>
+--EXPECTF--
+bool(true)
+bool(false)
+
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "%s" in %s on line %d
+
+Warning: DOMDocument::loadXML(): Failure to process entity xxe in Entity, line: %d in %s on line %d
+
+Warning: DOMDocument::loadXML(): Entity 'xxe' not defined in Entity, line: %d in %s on line %d
+bool(true)
+Done
diff --git a/ext/libxml/tests/libxml_disable_entity_loader_payload.txt b/ext/libxml/tests/libxml_disable_entity_loader_payload.txt
new file mode 100644
index 0000000000..3b8a43cc1d
--- /dev/null
+++ b/ext/libxml/tests/libxml_disable_entity_loader_payload.txt
@@ -0,0 +1 @@
+SECRET_DATA
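Review bot: The return-value contract of `libxml_disable_entity_loader()` is asserted in one direction only, at the second `var_dump` in the --FILE-- section of the .phpt, and no visible line turns the loader back on before the script ends. Adding `var_dump(libxml_disable_entity_loader(false));` just before `echo "Done\n";`, with a matching `bool(true)` line in --EXPECTF--, would check that the previous state is reported and that the switch can be reversed. The --SKIPIF-- line also exits with a bare `die('skip')`; a reason such as `die('skip libxml and dom required, not run on Windows')` would tell whoever reads the test report why this external-entity regression check did not run.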
\ No newline at end of file |