From 868f96c759b6650d88ff9f4fbc5c048302134248 Mon Sep 17 00:00:00 2001
From: Sebastien Blot
Date: Wed, 20 Sep 2017 10:11:01 +0200
Subject: Initial import

---
 src/tests/disable_xxe_simplexml.phpt | 52 ++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 src/tests/disable_xxe_simplexml.phpt

(limited to 'src/tests/disable_xxe_simplexml.phpt')

diff --git a/src/tests/disable_xxe_simplexml.phpt b/src/tests/disable_xxe_simplexml.phpt
new file mode 100644
index 0000000..54404a3
--- /dev/null
+++ b/src/tests/disable_xxe_simplexml.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) die "skip";
+ if (!extension_loaded("simplexml")) die "skip";
+ ?>
+--INI--
+extension=`php-config --extension-dir`/simplexml.so 
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$doc = new SimpleXMLElement($xml);
+printf("libxml_disable_entity to true: %s\n", $doc->testing);
+
+libxml_disable_entity_loader(false);
+$doc = new SimpleXMLElement($xml);
+printf("libxml_disable_entity to false: %s\n", $doc->testing);
+
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+
+$doc = new SimpleXMLElement($xml);
+printf("without xxe: %s", $doc->testing);
+
+?>
+--EXPECT--
+libxml_disable_entity to true: 
+libxml_disable_entity to false: 
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
-- 
cgit v1.3