1--TEST-- 2GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) 3--EXTENSIONS-- 4libxml 5xmlreader 6zend_test 7--SKIPIF-- 8<?php 9if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); 10?> 11--FILE-- 12<?php 13 14$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>"; 15 16libxml_use_internal_errors(true); 17zend_test_override_libxml_global_state(); 18 19echo "--- String test ---\n"; 20$reader = XMLReader::xml($xml); 21$reader->read(); 22echo "--- File test ---\n"; 23file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml); 24$reader = XMLReader::open("libxml_global_state_entity_loader_bypass.tmp"); 25$reader->read(); 26 27echo "Done\n"; 28 29?> 30--CLEAN-- 31<?php 32@unlink("libxml_global_state_entity_loader_bypass.tmp"); 33?> 34--EXPECT-- 35--- String test --- 36--- File test --- 37Done 38
