Added XXE protection to HTML Reader

This commit is contained in:
Mark Baker 2014-02-21 11:08:57 +00:00
parent 65178504ca
commit 8f265a9342

View File

@ -424,7 +424,7 @@ class PHPExcel_Reader_HTML extends PHPExcel_Reader_Abstract implements PHPExcel_
// Create a new DOM object // Create a new DOM object
$dom = new domDocument; $dom = new domDocument;
// Reload the HTML file into the DOM object // Reload the HTML file into the DOM object
$loaded = $dom->loadHTMLFile($pFilename); $loaded = $dom->loadHTMLFile($pFilename, PHPExcel_Settings::getLibXmlLoaderOptions());
if ($loaded === FALSE) { if ($loaded === FALSE) {
throw new PHPExcel_Reader_Exception('Failed to load ',$pFilename,' as a DOM Document'); throw new PHPExcel_Reader_Exception('Failed to load ',$pFilename,' as a DOM Document');
} }