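--TEST--
GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
--SKIPIF--
<?php
// The parser under test (xmlreader on top of libxml) and the zend-test helper
// that perturbs libxml's global state must all be available.
if (!extension_loaded('libxml')) die('skip libxml extension not available');
if (!extension_loaded('xmlreader')) die('skip xmlreader extension not available');
if (!extension_loaded('zend-test')) die('skip zend-test extension not available');
if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows');
?>
--FILE--
<?php

// Regression test for GHSA-3qrf-m4j2-pcrr. The document declares a parameter
// entity (%bork) with an external SYSTEM identifier and references it in the
// internal DTD subset. "php://nope" is presumably chosen because it cannot be
// resolved, so an attempt to fetch it would show up as extra output.
$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>";

// Keep the temporary file next to the test instead of in the current working
// directory, so the --FILE-- and --CLEAN-- scripts always agree on its location.
$file = __DIR__ . "/libxml_global_state_entity_loader_bypass.tmp";

// libxml diagnostics are buffered instead of being emitted as PHP warnings.
// NOTE(review): the buffered errors are never inspected via libxml_get_errors();
// the test relies solely on the exact EXPECT match below. Confirm that is intended.
libxml_use_internal_errors(true);

// Helper from the zend-test extension. Judging by its name and the test title
// it puts libxml's process-global parser settings into a non-default state
// before parsing. Confirm the exact settings against the zend-test source.
zend_test_override_libxml_global_state();

// Both entry points are exercised: in-memory input and file-backed input.
// The test passes only if neither read() produces any output between the markers.
echo "--- String test ---\n";
$reader = XMLReader::xml($xml);
$reader->read();
echo "--- File test ---\n";
file_put_contents($file, $xml);
$reader = XMLReader::open($file);
$reader->read();

echo "Done\n";

?>
--CLEAN--
<?php
// Best-effort cleanup: the file may not exist if the test stopped early.
@unlink(__DIR__ . "/libxml_global_state_entity_loader_bypass.tmp");
?>
--EXPECT--
--- String test ---
--- File test ---
Done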