1--TEST-- 2XML parsing with LIBXML_NO_XXE 3--EXTENSIONS-- 4simplexml 5--SKIPIF-- 6<?php 7if (!defined('LIBXML_NO_XXE')) die('skip LIBXML_NO_XXE not available'); 8?> 9--FILE-- 10<?php 11 12$xml = <<< XML 13<?xml version='1.0' encoding='utf-8'?> 14<!DOCTYPE set [ 15 <!ENTITY foo '<foo>bar</foo>'> 16 <!ENTITY xxe SYSTEM "file:///etc/passwd"> 17]> 18<set>&foo;&xxe;</set> 19XML; 20 21var_dump(simplexml_load_string($xml, options: LIBXML_NOENT | LIBXML_NO_XXE)); 22 23?> 24--EXPECT-- 25object(SimpleXMLElement)#1 (1) { 26 ["foo"]=> 27 string(3) "bar" 28} 29
