alex
/
PhpSpreadsheet
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,150 Commits 2 Branches 0 Tags 29 MiB
Commit Graph

13 Commits

Author SHA1 Message Date
Adrien Crivelli fa54ca79a3
Migrate away from deprecated PHPUnit asserts 2019-07-25 10:15:53 -07:00
rtek 6ab969e9cc Allow XmlScanner to correctly restore libxml entity_loader setting (#1050) 
XmlScanner was not restoring libxml_disable_entity_loader since
destruct was not being called until script shutdown. This is because
the shutdown handler required an XmlScanner instance.

Also fix an unrelated bug where the UTF-8 encoding test was
case sensitive.
 2019-07-03 09:53:43 +02:00
Mark Baker 0e6238c69e
CVE-2019-12331 (#1041) 
* Detect doubly-encoded xml to hide XXE attacks
Correct use of LibXml_Disable_Entity_Loader

* New test for double-encoded xml in security scanner
 2019-07-01 00:55:25 +02:00
Adrien Crivelli d0dea580ad
Fix a few Scrutinizer issues 2019-01-02 15:38:13 +11:00
Philipp Kolesnikov 8918888e7c
libxml_disable_entity_loader() changes global state so it should be used as local as possible 
Fixes #801
Closes #802
Closes #803
 2019-01-01 17:25:24 +11:00
MarkBaker 3abb7ccb35 CS Complaining about not uisng $this->assertInternalType('object', $scanner); 2018-11-25 14:41:11 +01:00
MarkBaker 14159d985c Coding standards 2018-11-25 14:33:01 +01:00
MarkBaker 41bcf9a21c Support for additional callback in XML Security Scanner 2018-11-25 14:00:35 +01:00
MarkBaker c708411529 Refactor scanner into base reader class 2018-11-25 12:14:54 +01:00
MarkBaker abad49d426 Use factory for XMLcanner 2018-11-23 23:05:17 +01:00
MarkBaker 5854ce3738 phpcs cleanup 2018-11-20 08:18:35 +01:00
MarkBaker 7a06d71e1c Add UTF-7 XXE Unit test data 2018-11-19 23:22:59 +01:00
MarkBaker a4d97ba896 Clean handle charset in XXE scanner 2018-11-19 22:47:34 +01:00