val e9dd38c3a8 commit fonctionne ou pas ? 2 years ago
..
.github e9dd38c3a8 commit fonctionne ou pas ? 2 years ago
src e9dd38c3a8 commit fonctionne ou pas ? 2 years ago
COPYRIGHT.md e9dd38c3a8 commit fonctionne ou pas ? 2 years ago
LICENSE.md e9dd38c3a8 commit fonctionne ou pas ? 2 years ago
README.md e9dd38c3a8 commit fonctionne ou pas ? 2 years ago
composer.json e9dd38c3a8 commit fonctionne ou pas ? 2 years ago
composer.lock e9dd38c3a8 commit fonctionne ou pas ? 2 years ago

README.md

laminas-xml

Build Status

An utility component for XML usage and best practices in PHP

Installation

You can install using:

$ curl -s https://getcomposer.org/installer | php
$ php composer.phar install

Notice that this library doesn't have any external dependencies, the usage of composer is for autoloading and standard purpose.

Laminas\Xml\Security

This is a security component to prevent XML eXternal Entity (XXE) and XML Entity Expansion (XEE) attacks on XML documents.

The XXE attack is prevented disabling the load of external entities in the libxml library used by PHP, using the function libxml_disable_entity_loader.

The XEE attack is prevented looking inside the XML document for ENTITY usage. If the XML document uses ENTITY the library throw an Exception.

We have two static methods to scan and load XML document from a string (scan) and from a file (scanFile). You can decide to get a SimpleXMLElement or DOMDocument as result, using the following use cases:

use Laminas\Xml\Security as XmlSecurity;

$xml = <<<XML
    <?xml version="1.0"?>
    <results>
        <result>test</result>
    </results>
    XML;

// SimpleXML use case
$simplexml = XmlSecurity::scan($xml);
printf ("SimpleXMLElement: %s\n", ($simplexml instanceof \SimpleXMLElement) ? 'yes' : 'no');

// DOMDocument use case
$dom = new \DOMDocument('1.0');
$dom = XmlSecurity::scan($xml, $dom);
printf ("DOMDocument: %s\n", ($dom instanceof \DOMDocument) ? 'yes' : 'no');