本文整理汇总了PHP中libxml_disable_entity_loader函数的典型用法代码示例。如果您正苦于以下问题:PHP libxml_disable_entity_loader函数的具体用法?PHP libxml_disable_entity_loader怎么用?PHP libxml_disable_entity_loader使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了libxml_disable_entity_loader函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: responseMsg
public function responseMsg()
{
//get post data, May be due to the different environments
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
//extract post data
if (!empty($postStr)) {
/* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
the best way is to check the validity of xml by yourself */
libxml_disable_entity_loader(true);
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
$fromUsername = $postObj->FromUserName;
$toUsername = $postObj->ToUserName;
$keyword = trim($postObj->Content);
$time = time();
$textTpl = "<xml>\n\t\t\t\t\t\t\t<ToUserName><![CDATA[%s]]></ToUserName>\n\t\t\t\t\t\t\t<FromUserName><![CDATA[%s]]></FromUserName>\n\t\t\t\t\t\t\t<CreateTime>%s</CreateTime>\n\t\t\t\t\t\t\t<MsgType><![CDATA[%s]]></MsgType>\n\t\t\t\t\t\t\t<Content><![CDATA[%s]]></Content>\n\t\t\t\t\t\t\t<FuncFlag>0</FuncFlag>\n\t\t\t\t\t\t\t</xml>";
if (!empty($keyword)) {
$msgType = "text";
$contentStr = "Welcome to wechat world!";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
} else {
echo "Input something...";
}
} else {
echo "";
exit;
}
}示例2: responseMsg
public function responseMsg()
{
//get post data, May be due to the different environments
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
//extract post data
if (!empty($postStr)) {
/* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
the best way is to check the validity of xml by yourself */
libxml_disable_entity_loader(true);
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
$fromUsername = $postObj->FromUserName;
$toUsername = $postObj->ToUserName;
$keyword = trim($postObj->Content);
$time = time();
$textTpl = "<xml>\n\t\t\t\t\t\t\t<ToUserName><![CDATA[%s]]></ToUserName>\n\t\t\t\t\t\t\t<FromUserName><![CDATA[%s]]></FromUserName>\n\t\t\t\t\t\t\t<CreateTime>%s</CreateTime>\n\t\t\t\t\t\t\t<MsgType><![CDATA[%s]]></MsgType>\n\t\t\t\t\t\t\t<Content><![CDATA[%s]]></Content>\n\t\t\t\t\t\t\t<FuncFlag>0</FuncFlag>\n\t\t\t\t\t\t\t</xml>";
if (!empty($keyword)) {
$msgType = "text";
//$contentStr = "Welcome to wechat world!您的openID:$fromUsername";
$contentStr = "欢迎关注优派健康。\n";
$contentStr .= "<a href='https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxca232ac09f1798ef&redirect_uri=http://api.didijiankang.cn/weixin/index.php/Home/Index/bindingAccountForm&response_type=code&scope=snsapi_base&state=123#wechat_redirect'>注册-绑定优派账号</a>。\n";
$contentStr .= "已绑定账号-<a href='https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxca232ac09f1798ef&redirect_uri=http://api.didijiankang.cn/weixin/index.php/Home/Index/displayMyConcern&response_type=code&scope=snsapi_base&state=123#wechat_redirect'>我的关注</a>。";
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
} else {
echo "Input something...";
}
} else {
echo "";
exit;
}
}示例3: stringMatches
/**
* {@inheritdoc}
*/
protected function stringMatches($other)
{
$internalErrors = libxml_use_internal_errors(true);
$disableEntities = libxml_disable_entity_loader(true);
libxml_clear_errors();
$dom = new \DOMDocument();
$dom->preserveWhiteSpace = false;
$dom->validateOnParse = true;
if (!@$dom->loadXML($other, LIBXML_NONET | (defined('LIBXML_COMPACT') ? LIBXML_COMPACT : 0))) {
libxml_disable_entity_loader($disableEntities);
$this->setXMLConstraintErrors();
libxml_clear_errors();
libxml_use_internal_errors($internalErrors);
return false;
}
$dom->normalizeDocument();
libxml_disable_entity_loader($disableEntities);
libxml_clear_errors();
if (false === ($result = @$dom->schemaValidateSource($this->XSD))) {
$this->setXMLConstraintErrors();
}
libxml_clear_errors();
libxml_use_internal_errors($internalErrors);
return $result;
}示例4: parseFull
private function parseFull($xml, $encoding = null)
{
$dom = new \DomDocument();
if ($encoding) {
$xml = '<?xml encoding="' . $encoding . '">' . $xml;
}
libxml_disable_entity_loader();
// prevents XXE attacks
$prevErrorSetting = libxml_use_internal_errors(true);
if ($dom->loadXML($xml)) {
if ($encoding) {
foreach ($dom->childNodes as $item) {
if ($item->nodeType == XML_PI_NODE) {
$dom->removeChild($item);
break;
}
}
$dom->encoding = $encoding;
}
libxml_use_internal_errors($prevErrorSetting);
return new Proxy(simplexml_import_dom($dom), $this);
}
$errors = libxml_get_errors();
libxml_clear_errors();
libxml_use_internal_errors($prevErrorSetting);
$message = 'Incorrect xml passed.';
foreach ($errors as $error) {
$message .= '\\nline: ' . $error->line . '; column: ' . $error->column . '; ' . $error->message;
}
throw new \arc\UnknownError($message, \arc\exceptions::ILLEGAL_ARGUMENT);
}示例5: validate
/**
* @param FeedTypeInterface $type
* @param OutputInterface $output
*
* @return int
*/
protected function validate(FeedTypeInterface $type, OutputInterface $output)
{
$file = $this->exporter->getFeedFilename($type);
if (!file_exists($file)) {
throw new FileNotFoundException(sprintf('<error>Feed "%s" has not yet been exported</error>', $type->getName()));
}
$options = LIBXML_NOENT | LIBXML_COMPACT | LIBXML_PARSEHUGE | LIBXML_NOERROR | LIBXML_NOWARNING;
$this->reader = new \XMLReader($options);
$this->reader->open($file);
$this->reader->setParserProperty(\XMLReader::SUBST_ENTITIES, true);
// foreach ($type->getNamespaces() as $name => $location) {
// $this->reader->setSchema($location);
// }
libxml_clear_errors();
libxml_use_internal_errors(true);
libxml_disable_entity_loader(true);
$progress = new ProgressBar($output);
$progress->start();
// go through the whole thing
while ($this->reader->read()) {
if ($this->reader->nodeType === \XMLReader::ELEMENT && $this->reader->name === $type->getItemNode()) {
$progress->advance();
$this->currentItem = $this->reader->readOuterXml();
}
if ($error = libxml_get_last_error()) {
throw new \RuntimeException(sprintf('[%s %s] %s (in %s - line %d, column %d)', LIBXML_ERR_WARNING === $error->level ? 'WARNING' : 'ERROR', $error->code, trim($error->message), $error->file ? $error->file : 'n/a', $error->line, $error->column));
}
}
$progress->finish();
}示例6: responseMsg
public function responseMsg($conn)
{
//get post data, May be due to the different environments
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
//extract post data
if (!empty($postStr)) {
/* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
the best way is to check the validity of xml by yourself */
libxml_disable_entity_loader(true);
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
$msgType = $postObj->MsgType;
switch ($msgType) {
case "text":
$this->textHandler($postObj, $conn);
exit;
case "image":
$this->imageHandler($postObj, $conn);
exit;
case "voice":
$this->voiceHandler($postObj, $conn);
exit;
case "shortvideo":
$this->shortvideoHandler($postObj, $conn);
exit;
default:
echo "";
exit;
}
} else {
echo "";
exit;
}
}示例7: convert
/**
* Create a PHP array from the XML file
*
* @param String $xmlFile The XML file or a string containing xml to parse
*
* @return Array
*
* @throws \Propel\Common\Config\Exception\XmlParseException if parse errors occur
*/
public static function convert($xmlToParse)
{
if (!is_string($xmlToParse)) {
throw new InvalidArgumentException("XmlToArrayConverter::convert method expects an xml file to parse, or a string containing valid xml");
}
if (file_exists($xmlToParse)) {
$xmlToParse = file_get_contents($xmlToParse);
}
//Empty xml file returns empty array
if ('' === $xmlToParse) {
return array();
}
if ($xmlToParse[0] !== '<') {
throw new InvalidArgumentException('Invalid xml content');
}
$currentEntityLoader = libxml_disable_entity_loader(true);
$currentInternalErrors = libxml_use_internal_errors(true);
$xml = simplexml_load_string($xmlToParse);
$errors = libxml_get_errors();
libxml_clear_errors();
libxml_use_internal_errors($currentInternalErrors);
libxml_disable_entity_loader($currentEntityLoader);
if (count($errors) > 0) {
throw new XmlParseException($errors);
}
$conf = self::simpleXmlToArray($xml);
return $conf;
}示例8: read
/**
* Convert string with xml data to php array.
*
* @throws Exception
*
* @param string $string
*
* @return array
*/
public function read($string)
{
libxml_use_internal_errors(true);
libxml_disable_entity_loader(true);
$result = simplexml_load_string($string, null, LIBXML_IMPORT_FLAGS);
if (!$result) {
$errors = libxml_get_errors();
libxml_clear_errors();
foreach ($errors as $error) {
$text = '';
switch ($error->level) {
case LIBXML_ERR_WARNING:
$text .= _s('XML file contains warning %1$s:', $error->code);
break;
case LIBXML_ERR_ERROR:
$text .= _s('XML file contains error %1$s:', $error->code);
break;
case LIBXML_ERR_FATAL:
$text .= _s('XML file contains fatal error %1$s:', $error->code);
break;
}
$text .= trim($error->message) . ' [ Line: ' . $error->line . ' | Column: ' . $error->column . ' ]';
throw new Exception($text);
}
}
$xml = new XMLReader();
$xml->xml($string);
$array = $this->xmlToArray($xml);
$xml->close();
return $array;
}示例9: __construct
public function __construct($fileUri, $fileName, $disableExternalEntities = true)
{
libxml_disable_entity_loader($disableExternalEntities);
$this->fileName = $fileName;
$this->wordUri = $fileUri;
Node::$counter = -1;
}示例10: readBody
/**
* {@inheritdoc}
*/
public function readBody(HttpRequest $request, \ReflectionClass $type) : \Generator
{
$input = (yield $request->getBody()->getContents());
$xml = new \DOMDocument();
$xml->formatOutput = false;
\libxml_clear_errors();
$errorHandling = \libxml_use_internal_errors(true);
$entities = \libxml_disable_entity_loader(true);
try {
$success = @$xml->loadXML($input, \LIBXML_NONET | \LIBXML_NOENT);
$errors = \libxml_get_errors();
} catch (\Throwable $e) {
if (!empty($errors) && $this->logger) {
$this->logErrors($errors);
}
throw new StatusException(Http::BAD_REQUEST, 'Invalid XML input', [], $e);
} finally {
\libxml_use_internal_errors($errorHandling);
\libxml_disable_entity_loader($entities);
}
if (!empty($errors) || empty($success) || $xml === NULL || !$xml instanceof \DOMDocument) {
if (!empty($errors) && $this->logger) {
$this->logErrors($errors);
}
throw new StatusException(Http::BAD_REQUEST, 'Invalid XML input');
}
return $xml;
}示例11: validateXML
/**
* This function attempts to validate an XML string against the specified schema.
*
* It will parse the string into a DOM document and validate this document against the schema.
*
* @param string $xml The XML string or document which should be validated.
* @param string $schema The schema filename which should be used.
* @param boolean $debug To disable/enable the debug mode
*
* @return string | DOMDocument $dom string that explains the problem or the DOMDocument
*/
public static function validateXML($xml, $schema, $debug = false)
{
assert('is_string($xml) || $xml instanceof DOMDocument');
assert('is_string($schema)');
libxml_clear_errors();
libxml_use_internal_errors(true);
if ($xml instanceof DOMDocument) {
$dom = $xml;
} else {
$dom = new DOMDocument();
$dom = self::loadXML($dom, $xml);
if (!$dom) {
return 'unloaded_xml';
}
}
$schemaFile = dirname(__FILE__) . '/schemas/' . $schema;
$oldEntityLoader = libxml_disable_entity_loader(false);
$res = $dom->schemaValidate($schemaFile);
libxml_disable_entity_loader($oldEntityLoader);
if (!$res) {
$xmlErrors = libxml_get_errors();
syslog(LOG_INFO, 'Error validating the metadata: ' . var_export($xmlErrors, true));
if ($debug) {
foreach ($xmlErrors as $error) {
echo $error->message . "\n";
}
}
return 'invalid_xml';
}
return $dom;
}示例12: boot
/**
* Boot up the Spotweb system
*
* @return array (Services_Settings_Container|Dao_Factory_Base|SpotReq)[]
*/
public function boot()
{
SpotTiming::start('bootstrap');
$daoFactory = $this->getDaoFactory();
$settings = $this->getSettings($daoFactory, true);
$spotReq = $this->getSpotReq($settings);
/*
* Set the cache path
*/
if ($settings->exists('cache_path')) {
$daoFactory->setCachePath($settings->get('cache_path'));
}
# if
/*
* Run the validation of the most basic systems
* in Spotweb
*/
$this->validate(new Services_Settings_Base($settings, $daoFactory->getBlackWhiteListDao()));
/*
* Disable the timing part as soon as possible because it
* gobbles memory
*/
if (!$settings->get('enable_timing')) {
SpotTiming::disable();
}
# if
/*
* Disable XML entity loader as this might be an
* security issue.
*/
libxml_disable_entity_loader(true);
SpotTiming::stop('bootstrap');
return array($settings, $daoFactory, $spotReq);
}示例13: getDomDocument
/**
* Get a DomDocument instance or return false
*
* @static
* @access public
* @param string $input XML content
* @return mixed
*/
public static function getDomDocument($input)
{
if (substr(php_sapi_name(), 0, 3) === 'fpm') {
// If running with PHP-FPM and an entity is detected we refuse to parse the feed
// @see https://bugs.php.net/bug.php?id=64938
if (strpos($input, '<!ENTITY') !== false) {
return false;
}
} else {
libxml_disable_entity_loader(true);
}
libxml_use_internal_errors(true);
$dom = new DomDocument();
$dom->loadXml($input, LIBXML_NONET);
// The document is empty, there is probably some parsing errors
if ($dom->childNodes->length === 0) {
return false;
}
// Scan for potential XEE attacks using ENTITY
foreach ($dom->childNodes as $child) {
if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
if ($child->entities->length > 0) {
return false;
}
}
}
return $dom;
}示例14: actionPublic
public function actionPublic($appid, $echostr = null, $signature = null, $timestamp = null, $nonce = null, $encrypt_type = null, $msg_signature = null)
{
$this->module->manager->setApp($appid);
//验证消息
if (!$this->module->checkSignature($signature, $timestamp, $nonce)) {
throw new NotFoundHttpException(\Yii::t('common', 'Page not found.'));
}
//返回服务器地址设置随机字符串
if ($echostr) {
return $echostr;
}
//过滤非消息请求
if (!($postStr = file_get_contents('php://input'))) {
throw new NotFoundHttpException(\Yii::t('common', 'Page not found.'));
}
//获取数据
libxml_disable_entity_loader(true);
$postObj = (array) simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
//确定是否开启安全模式
$safeMode = $encrypt_type && $msg_signature;
//安全模式下验证并解密消息
if ($safeMode && (!isset($postObj['Encrypt']) || !($postObj = $this->module->decryptMessage($msg_signature, $timestamp, $nonce, $postObj['Encrypt'])))) {
throw new NotFoundHttpException(\Yii::t('common', 'Page not found.'));
}
//处理数据并获取回复结果
$response = $this->module->handleMessage($postObj);
//加密回复消息
if ($safeMode && $response) {
$response = $this->module->encryptMessage($response, $timestamp, $nonce);
}
//设置xml格式
\Yii::$app->response->formatters[Response::FORMAT_XML] = 'yii\\wechat\\components\\XmlResponseFormatter';
\Yii::$app->response->format = Response::FORMAT_XML;
return $response;
}示例15: responseMsg
public function responseMsg()
{
//get post data, May be due to the different environments
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
//extract post data
if (!empty($postStr)) {
/* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
the best way is to check the validity of xml by yourself */
libxml_disable_entity_loader(true);
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
$MsgType = trim($postObj->MsgType);
switch ($MsgType) {
case "text":
$resultStr = $this->responseText($postObj);
break;
case "image":
$resultStr = $this->handleImage($postObj);
break;
case "voice":
$resultStr = $this->handleVoice($postObj);
break;
default:
$resultStr = "Unknow message type: " . $MsgType;
break;
}
echo $resultStr;
} else {
echo "";
exit;
}
}