You are here

public function PHPExcel_Reader_HTML::securityScan in Loft Data Grids 7.2

Same name and namespace in other branches

6.2 vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/HTML.php \PHPExcel_Reader_HTML::securityScan()

* Scan theXML for use of <!ENTITY to prevent XXE/XEE attacks * *

Parameters

string $xml: * @throws PHPExcel_Reader_Exception

Overrides PHPExcel_Reader_Abstract::securityScan

File

vendor/phpoffice/phpexcel/Classes/PHPExcel/Reader/HTML.php, line 524

Class

PHPExcel_Reader_HTML: PHPExcel_Reader_HTML

Code

public function securityScan($xml) {
  $pattern = '/\\0?' . implode('\\0?', str_split('<!ENTITY')) . '\\0?/';
  if (preg_match($pattern, $xml)) {
    throw new PHPExcel_Reader_Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
  }
  return $xml;
}