Diffstat (limited to 'vendor/ZendXml/library/ZendXml')
3 files changed, 40 insertions, 19 deletions
diff --git a/vendor/ZendXml/library/ZendXml/Exception/InvalidArgumentException.php b/vendor/ZendXml/library/ZendXml/Exception/InvalidArgumentException.php
index 819fb9f6e..0fef6b298 100644
--- a/vendor/ZendXml/library/ZendXml/Exception/InvalidArgumentException.php
+++ b/vendor/ZendXml/library/ZendXml/Exception/InvalidArgumentException.php
@@ -12,8 +12,6 @@ namespace ZendXml\Exception;
 /**
 * Invalid argument exception
 */
-class InvalidArgumentException
- extends \InvalidArgumentException
- implements ExceptionInterface
+class InvalidArgumentException extends \InvalidArgumentException implements ExceptionInterface
 {
 }
diff --git a/vendor/ZendXml/library/ZendXml/Exception/RuntimeException.php b/vendor/ZendXml/library/ZendXml/Exception/RuntimeException.php
index 1d5f50625..b730da4ff 100644
--- a/vendor/ZendXml/library/ZendXml/Exception/RuntimeException.php
+++ b/vendor/ZendXml/library/ZendXml/Exception/RuntimeException.php
@@ -12,8 +12,6 @@ namespace ZendXml\Exception;
 /**
 * Runtime exception
 */
-class RuntimeException
- extends \RuntimeException
- implements ExceptionInterface
+class RuntimeException extends \RuntimeException implements ExceptionInterface
 {
 }
diff --git a/vendor/ZendXml/library/ZendXml/Security.php b/vendor/ZendXml/library/ZendXml/Security.php
index d258311f4..e97a54d77 100644
--- a/vendor/ZendXml/library/ZendXml/Security.php
+++ b/vendor/ZendXml/library/ZendXml/Security.php
@@ -33,17 +33,12 @@ class Security
 *
 * @param string $xml
 * @param DomDocument $dom
- * @param Callable(
- * @param $xml
- * @param $dom
- * @return DomDocument|boolean
- * ) $loadCallback if given allows to customize the load command e.g.:
- * function ($xml, $dom) { return $dom->loadHTML($xml, LIBXML_NONET); }
+ * @param int $libXmlConstants additional libxml constants to pass in
+ * @param Callable $callback the callback to use to create the dom element
 * @throws Exception\RuntimeException
 * @return SimpleXMLElement|DomDocument|boolean
 */
- public static function scan($xml, DOMDocument $dom = null,
- $loadCallback = null)
+ private static function scanString($xml, $dom, $libXmlConstants, $callback)
 {
 // If running with PHP-FPM we perform an heuristic scan
 // We cannot use libxml_disable_entity_loader because of this bug
@@ -71,11 +66,7 @@ class Security
 return false;
 }, E_WARNING);
- if ($loadCallback) {
- $result = $loadCallback($xml, $dom);
- } else {
- $result = $dom->loadXml($xml, LIBXML_NONET);
- }
+ $result = $callback($xml, $dom, LIBXML_NONET | $libXmlConstants);
 restore_error_handler();
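Review bot: The rewritten docblock in the first hunk no longer says what `$callback` receives or must return, which the removed `@param Callable(...)` text did spell out, and the new private signature drops the `DOMDocument` hint on `$dom` without adding one for the callback. I would document it as `@param callable $callback function ($xml, DOMDocument $dom, $constants) returning the loader's result` and declare the parameter as `callable $callback`. The docblock opening and the body of scanString lie outside this hunk, so the summary line may also still describe XML only.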
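Review bot: The new `LIBXML_NONET | $libXmlConstants` argument in the second hunk forwards caller-supplied flags unchecked, so a caller can pass `LIBXML_NOENT`, `LIBXML_DTDLOAD`, `LIBXML_DTDATTR` or `LIBXML_DTDVALID` and have libxml substitute entities or load the DTD during the very load this class is meant to make safe. Any entity check that runs after the load is outside this hunk, and it would in any case run after substitution has already happened. I would reject those bits before the call, e.g. `if ($libXmlConstants & (LIBXML_NOENT | LIBXML_DTDLOAD | LIBXML_DTDATTR | LIBXML_DTDVALID)) { throw new Exception\InvalidArgumentException('Unsafe libxml option'); }`, or at minimum state in the `@param` text that these options must not be passed. scanString's body starts and ends outside this hunk.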
@@ -111,6 +102,40 @@ class Security
 }
 /**
+ * Scan HTML string for potential XXE and XEE attacks
+ *
+ * @param string $xml
+ * @param DomDocument $dom
+ * @param int $libXmlConstants additional libxml constants to pass in
+ * @throws Exception\RuntimeException
+ * @return SimpleXMLElement|DomDocument|boolean
+ */
+ public static function scanHtml($html, DOMDocument $dom = null, $libXmlConstants = 0)
+ {
+ $callback = function ($html, $dom, $constants) {
+ return $dom->loadHtml($html, $constants);
+ };
+ return self::scanString($html, $dom, $libXmlConstants, $callback);
+ }
+
+ /**
+ * Scan XML string for potential XXE and XEE attacks
+ *
+ * @param string $xml
+ * @param DomDocument $dom
+ * @param int $libXmlConstants additional libxml constants to pass in
+ * @throws Exception\RuntimeException
+ * @return SimpleXMLElement|DomDocument|boolean
+ */
+ public static function scan($xml, DOMDocument $dom = null, $libXmlConstants = 0)
+ {
+ $callback = function ($xml, $dom, $constants) {
+ return $dom->loadXml($xml, $constants);
+ };
+ return self::scanString($xml, $dom, $libXmlConstants, $callback);
+ }
+
+ /**
 * Scan XML file for potential XXE/XEE attacks
 *
 * @param string $file |
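Review bot: The third positional parameter of the public `scan()` changes from a load callback to an integer flag set, and nothing in the new wrappers rejects an old-style call, so a leftover closure would reach the `LIBXML_NONET | $libXmlConstants` expression in scanString instead of failing with a clear message. A guard at the top of both `scan()` and `scanHtml()` such as `if (!is_int($libXmlConstants)) { throw new Exception\InvalidArgumentException('libxml options must be an integer'); }` makes the break explicit. Separately, the `scanHtml()` docblock says `@param string $xml` while the parameter is `$html`; it should read `@param string $html`.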