public function PHPExcel_Reader_Abstract::securityScan in Loft Data Grids 6.2
Same name and namespace in other branches
- 7.2 vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/Abstract.php \PHPExcel_Reader_Abstract::securityScan()
* Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks * *
Parameters
string $xml: * @throws PHPExcel_Reader_Exception
12 calls to PHPExcel_Reader_Abstract::securityScan()
- PHPExcel_Reader_Abstract::securityScanFile in vendor/
phpoffice/ phpexcel/ Classes/ PHPExcel/ Reader/ Abstract.php - * Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks * *
- PHPExcel_Reader_Excel2003XML::listWorksheetInfo in vendor/
phpoffice/ phpexcel/ Classes/ PHPExcel/ Reader/ Excel2003XML.php - * Return worksheet info (Name, Last Column Letter, Last Column Index, Total Rows, Total Columns) * *
- PHPExcel_Reader_Excel2003XML::listWorksheetNames in vendor/
phpoffice/ phpexcel/ Classes/ PHPExcel/ Reader/ Excel2003XML.php - * Reads names of the worksheets from a file, without parsing the whole file to a PHPExcel object * *
- PHPExcel_Reader_Excel2003XML::loadIntoExisting in vendor/
phpoffice/ phpexcel/ Classes/ PHPExcel/ Reader/ Excel2003XML.php - * Loads PHPExcel from file into PHPExcel instance * *
- PHPExcel_Reader_Excel2007::canRead in vendor/
phpoffice/ phpexcel/ Classes/ PHPExcel/ Reader/ Excel2007.php - * Can the current PHPExcel_Reader_IReader read the file? * *
1 method overrides PHPExcel_Reader_Abstract::securityScan()
- PHPExcel_Reader_HTML::securityScan in vendor/
phpoffice/ phpexcel/ Classes/ PHPExcel/ Reader/ HTML.php - * Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks * *
File
- vendor/
phpoffice/ phpexcel/ Classes/ PHPExcel/ Reader/ Abstract.php, line 236
Class
- PHPExcel_Reader_Abstract
- PHPExcel_Reader_Abstract
Code
public function securityScan($xml) {
$pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/';
if (preg_match($pattern, $xml)) {
throw new PHPExcel_Reader_Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
}
return $xml;
}