1--TEST--
2GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
3--SKIPIF--
4<?php
5if (!extension_loaded('libxml')) die('skip libxml extension not available');
6if (!extension_loaded('simplexml')) die('skip simplexml extension not available');
7if (!extension_loaded('zend-test')) die('skip zend-test extension not available');
8if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows');
9?>
10--FILE--
11<?php
12
13$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>";
14
15libxml_use_internal_errors(true);
16zend_test_override_libxml_global_state();
17
18echo "--- String test ---\n";
19simplexml_load_string($xml);
20echo "--- Constructor test ---\n";
21new SimpleXMLElement($xml);
22echo "--- File test ---\n";
23file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml);
24simplexml_load_file("libxml_global_state_entity_loader_bypass.tmp");
25
26echo "Done\n";
27
28?>
29--CLEAN--
30<?php
31@unlink("libxml_global_state_entity_loader_bypass.tmp");
32?>
33--EXPECT--
34--- String test ---
35--- Constructor test ---
36--- File test ---
37Done
38