1--TEST-- 2GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) 3--SKIPIF-- 4<?php 5if (!extension_loaded('libxml')) die('skip libxml extension not available'); 6if (!extension_loaded('dom')) die('skip dom extension not available'); 7if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); 8if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); 9?> 10--FILE-- 11<?php 12 13$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>"; 14 15libxml_use_internal_errors(true); 16 17function parseXML($xml) { 18 $doc = new DOMDocument(); 19 @$doc->loadXML($xml); 20 $doc->createDocumentFragment()->appendXML("&bork;"); 21 foreach (libxml_get_errors() as $error) { 22 var_dump(trim($error->message)); 23 } 24} 25 26parseXML($xml); 27zend_test_override_libxml_global_state(); 28parseXML($xml); 29 30echo "Done\n"; 31 32?> 33--EXPECT-- 34string(25) "Entity 'bork' not defined" 35string(25) "Entity 'bork' not defined" 36string(25) "Entity 'bork' not defined" 37Done 38
