Fix and improve XXE security scanning for XML-based Readers

MarkBaker 2018-11-22 23:50:50 +01:00
parent d3373c97e1
commit 2b60157497
2 changed files with 14 additions and 1 deletion


@ -269,6 +269,18 @@ abstract class PHPExcel_Reader_Abstract implements PHPExcel_Reader_IReader
*/ */
public function securityScan($xml) public function securityScan($xml)
{ {
$pattern = '/encoding="(.*?)"/';
$result = preg_match($pattern, $xml, $matches);
if ($result) {
$charset = $matches[1];
} else {
$charset = 'UTF-8';
}
if ($charset !== 'UTF-8') {
$xml = mb_convert_encoding($xml, 'UTF-8', $charset);
}
$pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/'; $pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/';
if (preg_match($pattern, $xml)) { if (preg_match($pattern, $xml)) {
throw new PHPExcel_Reader_Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); throw new PHPExcel_Reader_Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
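Review bot: the charset sniff added at the top of securityScan() (`$pattern = '/encoding="(.*?)"/';`) is unanchored, so it captures the first `encoding="…"` anywhere in the byte stream, not only in the `<?xml … ?>` declaration, and then passes that attacker-supplied name straight to mb_convert_encoding(). Anchor the match to the XML declaration and compare the result case-insensitively, since `encoding="utf-8"` currently fails the `!== 'UTF-8'` test and triggers a pointless UTF-8 to UTF-8 conversion. The bigger gap is error handling: on PHP 5/7 an unrecognised encoding name makes mb_convert_encoding() emit a warning and return false, after which `preg_match($pattern, $xml)` runs against `false`, finds no `<!DOCTYPE`, and the scan passes. Validate the captured name against mb_list_encodings() (or check the conversion result for false) and throw PHPExcel_Reader_Exception on failure instead of falling through. Minor: the message still says "Detected use of ENTITY" while the pattern actually matches `<!DOCTYPE`; mentioning DOCTYPE there would make the rejection easier to diagnose.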


@ -23,7 +23,8 @@
************************************************************************************** **************************************************************************************
Planned for 1.8.2 2018-11-22 (v1.8.2):
- Security (MBaker) - Fix and improve XXE security scanning for XML-based Readers
- Bugfix: (MBaker) - Fix to getCell() method when cell reference includes a worksheet reference - Bugfix: (MBaker) - Fix to getCell() method when cell reference includes a worksheet reference
- Bugfix: (ncrypthic) Work Item GH-570 - Ignore inlineStr type if formula element exists - Bugfix: (ncrypthic) Work Item GH-570 - Ignore inlineStr type if formula element exists
- Bugfix: (hernst42) Work Item GH-709 - Fixed missing renames of writeRelationShip (from _writeRelationShip) - Bugfix: (hernst42) Work Item GH-709 - Fixed missing renames of writeRelationShip (from _writeRelationShip)
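Review bot: the new changelog line "Security (MBaker) - Fix and improve XXE security scanning for XML-based Readers" carries no issue, work item or advisory reference, unlike the neighbouring Bugfix entries that cite "Work Item GH-…"; if one exists for this fix, add it so users upgrading for the XXE change can trace what was reported and what the hardened scan now covers (the UTF-7 and multi-byte encoding cases the code change addresses).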