1--TEST-- 2GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) 3--EXTENSIONS-- 4libxml 5simplexml 6zend_test 7--SKIPIF-- 8<?php 9if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); 10?> 11--FILE-- 12<?php 13 14$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>"; 15 16libxml_use_internal_errors(true); 17zend_test_override_libxml_global_state(); 18 19echo "--- String test ---\n"; 20simplexml_load_string($xml); 21echo "--- Constructor test ---\n"; 22new SimpleXMLElement($xml); 23echo "--- File test ---\n"; 24file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml); 25simplexml_load_file("libxml_global_state_entity_loader_bypass.tmp"); 26 27echo "Done\n"; 28 29?> 30--CLEAN-- 31<?php 32@unlink("libxml_global_state_entity_loader_bypass.tmp"); 33?> 34--EXPECT-- 35--- String test --- 36--- Constructor test --- 37--- File test --- 38Done 39
