You are here

public function XmlEncoderTest::testPreventsComplexExternalEntities in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 vendor/symfony/serializer/Tests/Encoder/XmlEncoderTest.php \Symfony\Component\Serializer\Tests\Encoder\XmlEncoderTest::testPreventsComplexExternalEntities()

File

vendor/symfony/serializer/Tests/Encoder/XmlEncoderTest.php, line 415

Class

XmlEncoderTest

Namespace

Symfony\Component\Serializer\Tests\Encoder

Code

public function testPreventsComplexExternalEntities() {
  $oldCwd = getcwd();
  chdir(__DIR__);
  try {
    $this->encoder
      ->decode('<?xml version="1.0"?><!DOCTYPE scan[<!ENTITY test SYSTEM "php://filter/read=convert.base64-encode/resource=XmlEncoderTest.php">]><scan>&test;</scan>', 'xml');
    chdir($oldCwd);
    $this
      ->fail('No exception was thrown.');
  } catch (\Exception $e) {
    chdir($oldCwd);
    if (!$e instanceof UnexpectedValueException) {
      $this
        ->fail('Expected UnexpectedValueException');
    }
  }
}