--TEST--
GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
--EXTENSIONS--
libxml
xmlreader
zend_test
--SKIPIF--
<?php
// The override helper is provided by zend_test; skip on builds that do not export it.
if (!function_exists('zend_test_override_libxml_global_state')) {
    die('skip not for Windows');
}
?>
--FILE--
<?php

// Regression test for GHSA-3qrf-m4j2-pcrr: XMLReader is driven through its three
// input paths (string, file, stream) after libxml's global state has been overridden.
//
// The document's internal DTD subset declares an external parameter entity (%bork;)
// with the SYSTEM identifier "php://nope" and then references it.
$payload = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>";

// Scratch file shared by the file and stream cases; the --CLEAN-- section removes it.
$tmpFile = "libxml_global_state_entity_loader_bypass.tmp";

// Keep libxml's own diagnostics in its internal error buffer instead of PHP warnings.
libxml_use_internal_errors(true);

// NOTE(review): presumably switches libxml's process-wide parser defaults to
// permissive values, as the test title suggests; confirm against ext/zend_test.
zend_test_override_libxml_global_state();

// The pass condition is the absence of output: --EXPECT-- lists only the markers
// below, so any warning printed during read() fails the test.
// NOTE(review): nothing here inspects libxml_get_errors(), so the test relies on an
// attempted load of "php://nope" surfacing as extra output; verify that assumption.

echo "--- String test ---\n";
$xmlReader = XMLReader::xml($payload);
$xmlReader->read();

echo "--- File test ---\n";
file_put_contents($tmpFile, $payload);
$xmlReader = XMLReader::open($tmpFile);
$xmlReader->read();

echo "--- Stream test ---\n";
$handle = fopen($tmpFile, "r");
$xmlReader = XMLReader::fromStream($handle);
$xmlReader->read();
fclose($handle);

echo "Done\n";

?>
--CLEAN--
<?php
// Best-effort cleanup; @ silences the warning when the scratch file was never created.
@unlink("libxml_global_state_entity_loader_bypass.tmp");
?>
--EXPECT--
--- String test ---
--- File test ---
--- Stream test ---
Done