(PHP 5 >= 5.4.0, PHP 7, PHP 8)
libxml_set_external_entity_loader — Changes the default external entity loader
Changes the default external entity loader.
This can be used to suppress the expansion of arbitrary external entities to avoid XXE attacks,
even when LIBXML_NOENT has been set for the respective operation,
and is usually preferable over calling libxml_disable_entity_loader().
resolver_functionA callable with the following signature:
public_idsystem_idcontext"directory", "intSubName",
"extSubURI" and "extSubSystem".
null is returned, the entity reference resolution will fail.
Always returns true.
| Versione | Descrizione |
|---|---|
| 8.5.0 |
The return type is true now; previously, it was bool.
|
Example #1 libxml_set_external_entity_loader() example
<?php
$xml = <<<XML
<!DOCTYPE foo PUBLIC "-//FOO/BAR" "http://example.com/foobar">
<foo>bar</foo>
XML;
$dtd = <<<DTD
<!ELEMENT foo (#PCDATA)>
DTD;
libxml_set_external_entity_loader(
function ($public, $system, $context) use($dtd) {
var_dump($public);
var_dump($system);
var_dump($context);
$f = fopen("php://temp", "r+");
fwrite($f, $dtd);
rewind($f);
return $f;
}
);
$dd = new DOMDocument;
$r = $dd->loadXML($xml);
var_dump($dd->validate());
?>Il precedente esempio visualizzerà:
string(10) "-//FOO/BAR"
string(25) "http://example.com/foobar"
array(4) {
["directory"] => NULL
["intSubName"] => NULL
["extSubURI"] => NULL
["extSubSystem"] => NULL
}
bool(true)