1--TEST-- 2GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) 3--EXTENSIONS-- 4dom 5libxml 6zend_test 7--SKIPIF-- 8<?php 9if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); 10?> 11--FILE-- 12<?php 13 14$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>"; 15 16libxml_use_internal_errors(true); 17 18function parseXML($xml) { 19 $doc = new DOMDocument(); 20 @$doc->loadXML($xml); 21 $doc->createDocumentFragment()->appendXML("&bork;"); 22 foreach (libxml_get_errors() as $error) { 23 var_dump(trim($error->message)); 24 } 25} 26 27parseXML($xml); 28zend_test_override_libxml_global_state(); 29parseXML($xml); 30 31echo "Done\n"; 32 33?> 34--EXPECT-- 35string(25) "Entity 'bork' not defined" 36string(25) "Entity 'bork' not defined" 37string(25) "Entity 'bork' not defined" 38Done 39
