Reorganize the testsuite

Splitting the testsuite in several components makes it easier to manage and comprehend. This was also needed some some tests aren't passing on Alpine Linux, but we still want to run as many of them as we can on this platform.
author: jvoisin 2019-01-14 19:29:25 +0000
committer: GitHub 2019-01-14 19:29:25 +0000
commit: e79f7e3bd992c7f0915ef9afe7afb6d79740527a (patch)
tree: f881c25694eb00da2331a9ab280ec1c24a5662ab /src/tests/xxe
parent: c943db586ac46b686b49bdf61d8473e39dd93000 (diff)
7 files changed, 338 insertions, 0 deletions
diff --git a/src/tests/xxe/config/disable_xxe.ini b/src/tests/xxe/config/disable_xxe.ini
new file mode 100644
index 0000000..bc9d1f2
--- /dev/null
+++ b/src/tests/xxe/config/disable_xxe.ini
@@ -0,0 +1 @@
+sp.disable_xxe.enable();
diff --git a/src/tests/xxe/config/disable_xxe_disable.ini b/src/tests/xxe/config/disable_xxe_disable.ini
new file mode 100644
index 0000000..bb1e432
--- /dev/null
+++ b/src/tests/xxe/config/disable_xxe_disable.ini
@@ -0,0 +1 @@
+sp.disable_xxe.disable();
diff --git a/src/tests/xxe/disable_xxe_dom.phpt b/src/tests/xxe/disable_xxe_dom.phpt
new file mode 100644
index 0000000..e1459e3
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_dom.phpt
@@ -0,0 +1,73 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) {
+  echo "skip"; 
+} elseif (!extension_loaded("dom")) {
+        echo "skip";
+}
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+file_put_contents('content.xml', $xml);
+libxml_disable_entity_loader(true);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+?>
+--EXPECTF--
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
+Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+Notice: Trying to get property %a in %a/disable_xxe_dom.php on line %d
+libxml_disable_entity to true: 
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
+Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+Notice: Trying to get property %a in %a/disable_xxe_dom.php on line %d
+libxml_disable_entity to false: 
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "content.xml");
+unlink($dir . "content.txt");
+?>
diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt
new file mode 100644
index 0000000..a791ebc
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt
@@ -0,0 +1,55 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) echo "skip";
+ if (!extension_loaded("dom")) echo "skip";
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe_disable.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = '<content>WARNING, external entity loaded!</content>';
+file_put_contents($dir . '/content.txt', $content);
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+file_put_contents($dir . '/content.xml', $xml);
+libxml_disable_entity_loader(true);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+?>
+--EXPECTF-- 
+libxml_disable_entity to true: WARNING, external entity loaded!
+libxml_disable_entity to false: WARNING, external entity loaded!
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt
new file mode 100644
index 0000000..88396c0
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_simplexml.phpt
@@ -0,0 +1,51 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) echo "skip";
+ if (!extension_loaded("simplexml")) echo "skip";
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+file_put_contents('content.xml', $xml);
+libxml_disable_entity_loader(true);
+$doc = new SimpleXMLElement($xml);
+printf("libxml_disable_entity to true: %s\n", $doc->testing);
+libxml_disable_entity_loader(false);
+$doc = new SimpleXMLElement($xml);
+printf("libxml_disable_entity to false: %s\n", $doc->testing);
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+$doc = new SimpleXMLElement($xml);
+printf("without xxe: %s", $doc->testing);
+?>
+--EXPECT--
+libxml_disable_entity to true: 
+libxml_disable_entity to false: 
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
new file mode 100644
index 0000000..43c4fbf
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
@@ -0,0 +1,51 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) echo "skip";
+ if (!extension_loaded("simplexml")) echo "skip";
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+file_put_contents('content.xml', $xml);
+libxml_disable_entity_loader(true);
+$doc = simplexml_load_string($xml);
+printf("libxml_disable_entity to true: %s\n", $doc->testing);
+libxml_disable_entity_loader(false);
+$doc = simplexml_load_string($xml);
+printf("libxml_disable_entity to false: %s\n", $doc->testing);
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+$doc = simplexml_load_string($xml);
+printf("without xxe: %s", $doc->testing);
+?>
+--EXPECT--
+libxml_disable_entity to true: 
+libxml_disable_entity to false: 
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt
new file mode 100644
index 0000000..ca77729
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_xml_parse.phpt
@@ -0,0 +1,106 @@
+--TEST--
+Disable XXE in xml_parse
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) {
+  echo "skip because snuffleupagus isn't loaded";
+} elseif (!extension_loaded("xml")) {
+  echo "skip because the `xml` extension isn't loaded";
+}
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+file_put_contents('content.xml', $xml);
+function create_parser() {
+        $parser = xml_parser_create();
+        xml_set_element_handler(
+                $parser,
+                function($parser, $name, array $attributes) {
+                        var_dump($name);
+                        echo "\n";
+                        var_dump($attributes);
+                },
+                function($parser, $name) {
+                        var_dump($name);
+                }
+        );
+        xml_set_character_data_handler(
+                $parser,
+                function ($parser, $text){
+                        echo 'text' . $text;
+                }
+        );
+        return $parser;
+}
+libxml_disable_entity_loader(true);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+libxml_disable_entity_loader(false);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+--EXPECT--
+string(4) "TEST"
+array(0) {
+}
+string(7) "TESTING"
+array(0) {
+}
+string(7) "TESTING"
+string(4) "TEST"
+string(4) "TEST"
+array(0) {
+}
+string(7) "TESTING"
+array(0) {
+}
+string(7) "TESTING"
+string(4) "TEST"
+string(4) "TEST"
+array(0) {
+}
+string(7) "TESTING"
+array(0) {
+}
+textfoostring(7) "TESTING"
+string(4) "TEST"
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
author	jvoisin	2019-01-14 19:29:25 +0000
committer	GitHub	2019-01-14 19:29:25 +0000
commit	e79f7e3bd992c7f0915ef9afe7afb6d79740527a (patch)
tree	f881c25694eb00da2331a9ab280ec1c24a5662ab /src/tests/xxe
parent	c943db586ac46b686b49bdf61d8473e39dd93000 (diff)

diff --git a/src/tests/xxe/config/disable_xxe.ini b/src/tests/xxe/config/disable_xxe.ini new file mode 100644 index 0000000..bc9d1f2 --- /dev/null +++ b/src/tests/xxe/config/disable_xxe.ini
@@ -0,0 +1 @@
		sp.disable_xxe.enable();


diff --git a/src/tests/xxe/config/disable_xxe_disable.ini b/src/tests/xxe/config/disable_xxe_disable.ini new file mode 100644 index 0000000..bb1e432 --- /dev/null +++ b/src/tests/xxe/config/disable_xxe_disable.ini
@@ -0,0 +1 @@
		sp.disable_xxe.disable();


diff --git a/src/tests/xxe/disable_xxe_dom.phpt b/src/tests/xxe/disable_xxe_dom.phpt new file mode 100644 index 0000000..e1459e3 --- /dev/null +++ b/src/tests/xxe/disable_xxe_dom.phpt
@@ -0,0 +1,73 @@
	1	--TEST--
	2	Disable XXE
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) {
	6	echo "skip";
	7	} elseif (!extension_loaded("dom")) {
	8	echo "skip";
	9	}
	10	?>
	11	--INI--
	12	sp.configuration_file={PWD}/config/disable_xxe.ini
	13	--FILE--
	14	<?php
	15	$dir = __DIR__;
	16	$content = 'WARNING, external entity loaded!';
	17	file_put_contents('content.txt', $content);
	18
	19	$xml = <<<EOD
	20	<?xml version="1.0"?>
	21	<!DOCTYPE root
	22	[
	23	<!ENTITY foo SYSTEM "file://$dir/content.txt">
	24	]>
	25	<test><testing>&foo;</testing></test>
	26	EOD;
	27
	28	file_put_contents('content.xml', $xml);
	29
	30	libxml_disable_entity_loader(true);
	31	$dom = new DOMDocument('1.0');
	32	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	33	printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	34
	35	libxml_disable_entity_loader(false);
	36	$dom = new DOMDocument('1.0');
	37	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	38	printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	39
	40	$xml = "<test><testing>foo</testing></test>";
	41	file_put_contents('content.xml', $xml);
	42
	43	libxml_disable_entity_loader(false);
	44	$dom = new DOMDocument('1.0');
	45	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	46	printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	47
	48	?>
	49	--EXPECTF--
	50	Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
	51
	52	Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
	53
	54	Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
	55
	56	Notice: Trying to get property %a in %a/disable_xxe_dom.php on line %d
	57	libxml_disable_entity to true:
	58
	59	Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
	60
	61	Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
	62
	63	Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
	64
	65	Notice: Trying to get property %a in %a/disable_xxe_dom.php on line %d
	66	libxml_disable_entity to false:
	67	without xxe: foo
	68	--CLEAN--
	69	<?php
	70	$dir = __DIR__;
	71	unlink($dir . "content.xml");
	72	unlink($dir . "content.txt");
	73	?>


diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt new file mode 100644 index 0000000..a791ebc --- /dev/null +++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt
@@ -0,0 +1,55 @@
	1	--TEST--
	2	Disable XXE
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) echo "skip";
	6	if (!extension_loaded("dom")) echo "skip";
	7	?>
	8	--INI--
	9	sp.configuration_file={PWD}/config/disable_xxe_disable.ini
	10	--FILE--
	11	<?php
	12	$dir = __DIR__;
	13	$content = '<content>WARNING, external entity loaded!</content>';
	14	file_put_contents($dir . '/content.txt', $content);
	15
	16	$xml = <<<EOD
	17	<?xml version="1.0"?>
	18	<!DOCTYPE root
	19	[
	20	<!ENTITY foo SYSTEM "file://$dir/content.txt">
	21	]>
	22	<test><testing>&foo;</testing></test>
	23	EOD;
	24
	25	file_put_contents($dir . '/content.xml', $xml);
	26
	27	libxml_disable_entity_loader(true);
	28	$dom = new DOMDocument('1.0');
	29	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	30	printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	31
	32	libxml_disable_entity_loader(false);
	33	$dom = new DOMDocument('1.0');
	34	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	35	printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	36
	37	$xml = "<test><testing>foo</testing></test>";
	38	file_put_contents('content.xml', $xml);
	39
	40	libxml_disable_entity_loader(false);
	41	$dom = new DOMDocument('1.0');
	42	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	43	printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	44
	45	?>
	46	--EXPECTF--
	47	libxml_disable_entity to true: WARNING, external entity loaded!
	48	libxml_disable_entity to false: WARNING, external entity loaded!
	49	without xxe: foo
	50	--CLEAN--
	51	<?php
	52	$dir = __DIR__;
	53	unlink($dir . "/content.xml");
	54	unlink($dir . "/content.txt");
	55	?>


diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt new file mode 100644 index 0000000..88396c0 --- /dev/null +++ b/src/tests/xxe/disable_xxe_simplexml.phpt
@@ -0,0 +1,51 @@
	1	--TEST--
	2	Disable XXE
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) echo "skip";
	6	if (!extension_loaded("simplexml")) echo "skip";
	7	?>
	8	--INI--
	9	sp.configuration_file={PWD}/config/disable_xxe.ini
	10	--FILE--
	11	<?php
	12	$dir = __DIR__;
	13	$content = 'WARNING, external entity loaded!';
	14	file_put_contents('content.txt', $content);
	15
	16	$xml = <<<EOD
	17	<?xml version="1.0"?>
	18	<!DOCTYPE root
	19	[
	20	<!ENTITY foo SYSTEM "file://$dir/content.txt">
	21	]>
	22	<test><testing>&foo;</testing></test>
	23	EOD;
	24
	25	file_put_contents('content.xml', $xml);
	26
	27	libxml_disable_entity_loader(true);
	28	$doc = new SimpleXMLElement($xml);
	29	printf("libxml_disable_entity to true: %s\n", $doc->testing);
	30
	31	libxml_disable_entity_loader(false);
	32	$doc = new SimpleXMLElement($xml);
	33	printf("libxml_disable_entity to false: %s\n", $doc->testing);
	34
	35	$xml = "<test><testing>foo</testing></test>";
	36	file_put_contents('content.xml', $xml);
	37
	38	$doc = new SimpleXMLElement($xml);
	39	printf("without xxe: %s", $doc->testing);
	40
	41	?>
	42	--EXPECT--
	43	libxml_disable_entity to true:
	44	libxml_disable_entity to false:
	45	without xxe: foo
	46	--CLEAN--
	47	<?php
	48	$dir = __DIR__;
	49	unlink($dir . "/content.xml");
	50	unlink($dir . "/content.txt");
	51	?>


diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt new file mode 100644 index 0000000..43c4fbf --- /dev/null +++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
@@ -0,0 +1,51 @@
	1	--TEST--
	2	Disable XXE
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) echo "skip";
	6	if (!extension_loaded("simplexml")) echo "skip";
	7	?>
	8	--INI--
	9	sp.configuration_file={PWD}/config/disable_xxe.ini
	10	--FILE--
	11	<?php
	12	$dir = __DIR__;
	13	$content = 'WARNING, external entity loaded!';
	14	file_put_contents('content.txt', $content);
	15
	16	$xml = <<<EOD
	17	<?xml version="1.0"?>
	18	<!DOCTYPE root
	19	[
	20	<!ENTITY foo SYSTEM "file://$dir/content.txt">
	21	]>
	22	<test><testing>&foo;</testing></test>
	23	EOD;
	24
	25	file_put_contents('content.xml', $xml);
	26
	27	libxml_disable_entity_loader(true);
	28	$doc = simplexml_load_string($xml);
	29	printf("libxml_disable_entity to true: %s\n", $doc->testing);
	30
	31	libxml_disable_entity_loader(false);
	32	$doc = simplexml_load_string($xml);
	33	printf("libxml_disable_entity to false: %s\n", $doc->testing);
	34
	35	$xml = "<test><testing>foo</testing></test>";
	36	file_put_contents('content.xml', $xml);
	37
	38	$doc = simplexml_load_string($xml);
	39	printf("without xxe: %s", $doc->testing);
	40
	41	?>
	42	--EXPECT--
	43	libxml_disable_entity to true:
	44	libxml_disable_entity to false:
	45	without xxe: foo
	46	--CLEAN--
	47	<?php
	48	$dir = __DIR__;
	49	unlink($dir . "/content.xml");
	50	unlink($dir . "/content.txt");
	51	?>


diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt new file mode 100644 index 0000000..ca77729 --- /dev/null +++ b/src/tests/xxe/disable_xxe_xml_parse.phpt
@@ -0,0 +1,106 @@
	1	--TEST--
	2	Disable XXE in xml_parse
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) {
	6	echo "skip because snuffleupagus isn't loaded";
	7	} elseif (!extension_loaded("xml")) {
	8	echo "skip because the `xml` extension isn't loaded";
	9	}
	10	?>
	11	--INI--
	12	sp.configuration_file={PWD}/config/disable_xxe.ini
	13	--FILE--
	14	<?php
	15	$dir = __DIR__;
	16	$content = 'WARNING, external entity loaded!';
	17	file_put_contents('content.txt', $content);
	18
	19	$xml = <<<EOD
	20	<?xml version="1.0"?>
	21	<!DOCTYPE root
	22	[
	23	<!ENTITY foo SYSTEM "file://$dir/content.txt">
	24	]>
	25	<test><testing>&foo;</testing></test>
	26	EOD;
	27
	28	file_put_contents('content.xml', $xml);
	29
	30	function create_parser() {
	31	$parser = xml_parser_create();
	32	xml_set_element_handler(
	33	$parser,
	34	function($parser, $name, array $attributes) {
	35	var_dump($name);
	36	echo "\n";
	37	var_dump($attributes);
	38	},
	39	function($parser, $name) {
	40	var_dump($name);
	41	}
	42	);
	43
	44	xml_set_character_data_handler(
	45	$parser,
	46	function ($parser, $text){
	47	echo 'text' . $text;
	48	}
	49	);
	50
	51	return $parser;
	52	}
	53
	54	libxml_disable_entity_loader(true);
	55	$parser = create_parser();
	56	$doc = xml_parse($parser, $xml, true);
	57	xml_parser_free($parser);
	58
	59	libxml_disable_entity_loader(false);
	60	$parser = create_parser();
	61	$doc = xml_parse($parser, $xml, true);
	62	xml_parser_free($parser);
	63
	64	$xml = "<test><testing>foo</testing></test>";
	65	file_put_contents('content.xml', $xml);
	66	$parser = create_parser();
	67	$doc = xml_parse($parser, $xml, true);
	68	xml_parser_free($parser);
	69
	70	--EXPECT--
	71	string(4) "TEST"
	72
	73	array(0) {
	74	}
	75	string(7) "TESTING"
	76
	77	array(0) {
	78	}
	79	string(7) "TESTING"
	80	string(4) "TEST"
	81	string(4) "TEST"
	82
	83	array(0) {
	84	}
	85	string(7) "TESTING"
	86
	87	array(0) {
	88	}
	89	string(7) "TESTING"
	90	string(4) "TEST"
	91	string(4) "TEST"
	92
	93	array(0) {
	94	}
	95	string(7) "TESTING"
	96
	97	array(0) {
	98	}
	99	textfoostring(7) "TESTING"
	100	string(4) "TEST"
	101	--CLEAN--
	102	<?php
	103	$dir = __DIR__;
	104	unlink($dir . "/content.xml");
	105	unlink($dir . "/content.txt");
	106	?>