
public function PHPExcel_Reader_Abstract::securityScan in Loft Data Grids 6.2

Same name and namespace in other branches
  1. 7.2 vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/Abstract.php \PHPExcel_Reader_Abstract::securityScan()

Scan the XML for use of <!ENTITY to prevent XXE/XEE attacks.

Parameters

string $xml:

Throws

PHPExcel_Reader_Exception

12 calls to PHPExcel_Reader_Abstract::securityScan()
PHPExcel_Reader_Abstract::securityScanFile in vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/Abstract.php
Scan the XML for use of <!ENTITY to prevent XXE/XEE attacks
PHPExcel_Reader_Excel2003XML::listWorksheetInfo in vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/Excel2003XML.php
Return worksheet info (Name, Last Column Letter, Last Column Index, Total Rows, Total Columns)
PHPExcel_Reader_Excel2003XML::listWorksheetNames in vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/Excel2003XML.php
Reads names of the worksheets from a file, without parsing the whole file to a PHPExcel object
PHPExcel_Reader_Excel2003XML::loadIntoExisting in vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/Excel2003XML.php
Loads PHPExcel from file into PHPExcel instance
PHPExcel_Reader_Excel2007::canRead in vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/Excel2007.php
Can the current PHPExcel_Reader_IReader read the file?

... See full list

1 method overrides PHPExcel_Reader_Abstract::securityScan()
PHPExcel_Reader_HTML::securityScan in vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/HTML.php
Scan the XML for use of <!ENTITY to prevent XXE/XEE attacks

File

vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/Abstract.php, line 236

Class

PHPExcel_Reader_Abstract

Code

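public function securityScan($xml) {
  // Matches '<!DOCTYPE' with an optional NUL byte before, between and after its
  // characters, so the declaration is also found in UTF-16 encoded input.
  $pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/';
  if (preg_match($pattern, $xml)) {
    // Any DOCTYPE declaration aborts the load, whether or not it declares an entity.
    throw new PHPExcel_Reader_Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
  }
  return $xml;
}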
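
How the pattern above behaves on single-byte and UTF-16 input, as an added example that is not part of PHPExcel or of this page's listing. The helper names `containsDoctype` and `toUtf16` and the sample documents are constructed for illustration; only the pattern expression is taken from the code above.

```php
<?php
// Added example, not PHPExcel code. Only the pattern expression comes from
// securityScan(); function names and sample documents are constructed.

// Same check as securityScan(), returning a boolean instead of throwing.
function containsDoctype(string $xml): bool
{
    $pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/';
    return preg_match($pattern, $xml) === 1;
}

// Encode an ASCII-only string as UTF-16 without a BOM: every character gets
// a NUL byte after it (little endian) or before it (big endian).
function toUtf16(string $ascii, bool $bigEndian): string
{
    $out = '';
    foreach (str_split($ascii) as $char) {
        $out .= $bigEndian ? "\0" . $char : $char . "\0";
    }
    return $out;
}

// Constructed sample: a document that declares an internal entity in a DTD.
$withDtd = '<?xml version="1.0"?>'
    . '<!DOCTYPE r [<!ENTITY e "sample">]>'
    . '<r>&e;</r>';

// Constructed sample: spreadsheet-like XML with no DTD.
$plain = '<?xml version="1.0"?><Workbook><Worksheet/></Workbook>';

$samples = [
    'UTF-8, DOCTYPE'       => $withDtd,
    'UTF-16LE, DOCTYPE'    => toUtf16($withDtd, false),
    'UTF-16BE, DOCTYPE'    => toUtf16($withDtd, true),
    'UTF-8, no DOCTYPE'    => $plain,
    'UTF-16LE, no DOCTYPE' => toUtf16($plain, false),
];

// The three DOCTYPE samples are rejected; the two without one are accepted.
foreach ($samples as $label => $data) {
    printf("%-22s %s\n", $label, containsDoctype($data) ? 'rejected' : 'accepted');
}
```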