1--TEST-- 2GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) 3--SKIPIF-- 4<?php 5if (!extension_loaded('libxml')) die('skip libxml extension not available'); 6if (!extension_loaded('simplexml')) die('skip simplexml extension not available'); 7if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); 8if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); 9?> 10--FILE-- 11<?php 12 13$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>"; 14 15libxml_use_internal_errors(true); 16zend_test_override_libxml_global_state(); 17 18echo "--- String test ---\n"; 19simplexml_load_string($xml); 20echo "--- Constructor test ---\n"; 21new SimpleXMLElement($xml); 22echo "--- File test ---\n"; 23file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml); 24simplexml_load_file("libxml_global_state_entity_loader_bypass.tmp"); 25 26echo "Done\n"; 27 28?> 29--CLEAN-- 30<?php 31@unlink("libxml_global_state_entity_loader_bypass.tmp"); 32?> 33--EXPECT-- 34--- String test --- 35--- Constructor test --- 36--- File test --- 37Done 38