Merge pull request #81 from owncloud/libxmlentitystateresetafteruse
Set back libxml_disable_entity_loader state after use
Vincent Petry committed Mar 3, 2014
2 parents ddb0931 + 2462a1d commit 184f0a5
Showing 10 changed files with 97 additions and 49 deletions.
6 changes: 4 additions & 2 deletions PHPExcel/Classes/PHPExcel/Reader/Excel2003XML.php
@@ -137,8 +137,9 @@ public function listWorksheetNames($pFilename)

$worksheetNames = array();

libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xml = simplexml_load_file($pFilename);
libxml_disable_entity_loader($loadEntities);
$namespaces = $xml->getNamespaces(true);

$xml_ss = $xml->children($namespaces['ss']);
@@ -166,8 +167,9 @@ public function listWorksheetInfo($pFilename)

$worksheetInfo = array();

libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xml = simplexml_load_file($pFilename);
libxml_disable_entity_loader($loadEntities);
$namespaces = $xml->getNamespaces(true);

$worksheetID = 1;
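Review bot: `simplexml_load_file($pFilename)` in listWorksheetNames() and listWorksheetInfo() runs while the entity loader is disabled, and on many PHP 5 builds that setting also blocks loading the document itself by path, so the call can return `false`. The following `$xml->getNamespaces(true)` then dereferences that result unchecked, turning any unreadable or malformed spreadsheet into a fatal error. Reading the bytes first keeps the XXE protection without the path lookup, `$xml = simplexml_load_string(file_get_contents($pFilename));`, followed by an explicit `if ($xml === false)` rejection of the file. The same unchecked `$xml` appears after the parse calls in Gnumeric.php and OOCalc.php. Both function bodies continue outside the hunks shown.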
57 changes: 38 additions & 19 deletions PHPExcel/Classes/PHPExcel/Reader/Excel2007.php
@@ -92,8 +92,9 @@ public function canRead($pFilename)
$zip = new ZipArchive;
if ($zip->open($pFilename) === true) {
// check if it is an OOXML archive
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$rels = simplexml_load_string($this->_getFromZipArchive($zip, "_rels/.rels"));
libxml_disable_entity_loader($loadEntities);
if ($rels !== false) {
foreach ($rels->Relationship as $rel) {
switch ($rel["Type"]) {
@@ -132,17 +133,19 @@ public function listWorksheetNames($pFilename)
$zip->open($pFilename);

// The files we're looking at here are small enough that simpleXML is more efficient than XMLReader
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$rels = simplexml_load_string(
$this->_getFromZipArchive($zip, "_rels/.rels")
); //~ http://schemas.openxmlformats.org/package/2006/relationships");
libxml_disable_entity_loader($loadEntities);
foreach ($rels->Relationship as $rel) {
switch ($rel["Type"]) {
case "http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument":
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlWorkbook = simplexml_load_string(
$this->_getFromZipArchive($zip, "{$rel['Target']}")
); //~ http://schemas.openxmlformats.org/spreadsheetml/2006/main");
libxml_disable_entity_loader($loadEntities);

if ($xmlWorkbook->sheets) {
foreach ($xmlWorkbook->sheets->sheet as $eleSheet) {
@@ -176,13 +179,15 @@ public function listWorksheetInfo($pFilename)

$zip = new ZipArchive;
$zip->open($pFilename);
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$rels = simplexml_load_string($this->_getFromZipArchive($zip, "_rels/.rels")); //~ http://schemas.openxmlformats.org/package/2006/relationships");
libxml_disable_entity_loader($loadEntities);
foreach ($rels->Relationship as $rel) {
if ($rel["Type"] == "http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument") {
$dir = dirname($rel["Target"]);
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$relsWorkbook = simplexml_load_string($this->_getFromZipArchive($zip, "$dir/_rels/" . basename($rel["Target"]) . ".rels")); //~ http://schemas.openxmlformats.org/package/2006/relationships");
libxml_disable_entity_loader($loadEntities);
$relsWorkbook->registerXPathNamespace("rel", "http://schemas.openxmlformats.org/package/2006/relationships");

$worksheets = array();
@@ -191,8 +196,9 @@ public function listWorksheetInfo($pFilename)
$worksheets[(string) $ele["Id"]] = $ele["Target"];
}
}
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlWorkbook = simplexml_load_string($this->_getFromZipArchive($zip, "{$rel['Target']}")); //~ http://schemas.openxmlformats.org/spreadsheetml/2006/main");
libxml_disable_entity_loader($loadEntities);
if ($xmlWorkbook->sheets) {
$dir = dirname($rel["Target"]);
foreach ($xmlWorkbook->sheets->sheet as $eleSheet) {
@@ -358,15 +364,17 @@ public function load($pFilename)
$zip->open($pFilename);

// Read the theme first, because we need the colour scheme when reading the styles
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$wbRels = simplexml_load_string($this->_getFromZipArchive($zip, "xl/_rels/workbook.xml.rels")); //~ http://schemas.openxmlformats.org/package/2006/relationships");
libxml_disable_entity_loader($loadEntities);
foreach ($wbRels->Relationship as $rel) {
switch ($rel["Type"]) {
case "http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme":
$themeOrderArray = array('lt1','dk1','lt2','dk2');
$themeOrderAdditional = count($themeOrderArray);
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlTheme = simplexml_load_string($this->_getFromZipArchive($zip, "xl/{$rel['Target']}"));
libxml_disable_entity_loader($loadEntities);
if (is_object($xmlTheme)) {
$xmlThemeName = $xmlTheme->attributes();
$xmlTheme = $xmlTheme->children("http://schemas.openxmlformats.org/drawingml/2006/main");
@@ -395,13 +403,15 @@ public function load($pFilename)
break;
}
}
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$rels = simplexml_load_string($this->_getFromZipArchive($zip, "_rels/.rels")); //~ http://schemas.openxmlformats.org/package/2006/relationships");
libxml_disable_entity_loader($loadEntities);
foreach ($rels->Relationship as $rel) {
switch ($rel["Type"]) {
case "http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties":
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlCore = simplexml_load_string($this->_getFromZipArchive($zip, "{$rel['Target']}"));
libxml_disable_entity_loader($loadEntities);
if (is_object($xmlCore)) {
$xmlCore->registerXPathNamespace("dc", "http://purl.org/dc/elements/1.1/");
$xmlCore->registerXPathNamespace("dcterms", "http://purl.org/dc/terms/");
@@ -420,8 +430,9 @@ public function load($pFilename)
break;

case "http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties":
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlCore = simplexml_load_string($this->_getFromZipArchive($zip, "{$rel['Target']}"));
libxml_disable_entity_loader($loadEntities);
if (is_object($xmlCore)) {
$docProps = $excel->getProperties();
if (isset($xmlCore->Company))
@@ -432,8 +443,9 @@ public function load($pFilename)
break;

case "http://schemas.openxmlformats.org/officeDocument/2006/relationships/custom-properties":
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlCore = simplexml_load_string($this->_getFromZipArchive($zip, "{$rel['Target']}"));
libxml_disable_entity_loader($loadEntities);
if (is_object($xmlCore)) {
$docProps = $excel->getProperties();
foreach ($xmlCore as $xmlProperty) {
@@ -453,14 +465,16 @@ public function load($pFilename)

case "http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument":
$dir = dirname($rel["Target"]);
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$relsWorkbook = simplexml_load_string($this->_getFromZipArchive($zip, "$dir/_rels/" . basename($rel["Target"]) . ".rels")); //~ http://schemas.openxmlformats.org/package/2006/relationships");
libxml_disable_entity_loader($loadEntities);
$relsWorkbook->registerXPathNamespace("rel", "http://schemas.openxmlformats.org/package/2006/relationships");

$sharedStrings = array();
$xpath = self::array_item($relsWorkbook->xpath("rel:Relationship[@Type='http://schemas.openxmlformats.org/officeDocument/2006/relationships/sharedStrings']"));
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlStrings = simplexml_load_string($this->_getFromZipArchive($zip, "$dir/$xpath[Target]")); //~ http://schemas.openxmlformats.org/spreadsheetml/2006/main");
libxml_disable_entity_loader($loadEntities);
if (isset($xmlStrings) && isset($xmlStrings->si)) {
foreach ($xmlStrings->si as $val) {
if (isset($val->t)) {
@@ -481,8 +495,9 @@ public function load($pFilename)
$styles = array();
$cellStyles = array();
$xpath = self::array_item($relsWorkbook->xpath("rel:Relationship[@Type='http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles']"));
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlStyles = simplexml_load_string($this->_getFromZipArchive($zip, "$dir/$xpath[Target]")); //~ http://schemas.openxmlformats.org/spreadsheetml/2006/main");
libxml_disable_entity_loader($loadEntities);
$numFmts = null;
if ($xmlStyles && $xmlStyles->numFmts[0]) {
$numFmts = $xmlStyles->numFmts[0];
@@ -579,8 +594,9 @@ public function load($pFilename)
}
}
}
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlWorkbook = simplexml_load_string($this->_getFromZipArchive($zip, "{$rel['Target']}")); //~ http://schemas.openxmlformats.org/spreadsheetml/2006/main");
libxml_disable_entity_loader($loadEntities);

// Set base date
if ($xmlWorkbook->workbookPr) {
@@ -623,8 +639,9 @@ public function load($pFilename)
// reverse
$docSheet->setTitle((string) $eleSheet["name"],false);
$fileWorksheet = $worksheets[(string) self::array_item($eleSheet->attributes("http://schemas.openxmlformats.org/officeDocument/2006/relationships"), "id")];
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xmlSheet = simplexml_load_string($this->_getFromZipArchive($zip, "$dir/$fileWorksheet")); //~ http://schemas.openxmlformats.org/spreadsheetml/2006/main");
libxml_disable_entity_loader($loadEntities);

$sharedFormulas = array();

@@ -1206,8 +1223,9 @@ public function load($pFilename)
if (!$this->_readDataOnly) {
// Locate hyperlink relations
if ($zip->locateName(dirname("$dir/$fileWorksheet") . "/_rels/" . basename($fileWorksheet) . ".rels")) {
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$relsWorksheet = simplexml_load_string($this->_getFromZipArchive($zip, dirname("$dir/$fileWorksheet") . "/_rels/" . basename($fileWorksheet) . ".rels") ); //~ http://schemas.openxmlformats.org/package/2006/relationships");
libxml_disable_entity_loader($loadEntities);
foreach ($relsWorksheet->Relationship as $ele) {
if ($ele["Type"] == "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink") {
$hyperlinks[(string)$ele["Id"]] = (string)$ele["Target"];
@@ -1248,8 +1266,9 @@ public function load($pFilename)
if (!$this->_readDataOnly) {
// Locate comment relations
if ($zip->locateName(dirname("$dir/$fileWorksheet") . "/_rels/" . basename($fileWorksheet) . ".rels")) {
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$relsWorksheet = simplexml_load_string($this->_getFromZipArchive($zip, dirname("$dir/$fileWorksheet") . "/_rels/" . basename($fileWorksheet) . ".rels") ); //~ http://schemas.openxmlformats.org/package/2006/relationships");
libxml_disable_entity_loader($loadEntities);
foreach ($relsWorksheet->Relationship as $ele) {
if ($ele["Type"] == "http://schemas.openxmlformats.org/officeDocument/2006/relationships/comments") {
$comments[(string)$ele["Id"]] = (string)$ele["Target"];
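Review bot: The save/parse/restore triple is pasted at roughly twenty call sites in this file, and at each one `_getFromZipArchive()` is evaluated inside the window where the process-wide loader state is changed, so if it throws (or an error handler turns a parser warning into an exception) the restore this commit is meant to guarantee is skipped. A single private helper that receives the already-extracted string and restores the previous state on every exit path would make the pattern hard to get wrong and easy to audit; each site would shrink to one call such as `$rels = $this->_loadXmlWithoutEntities($this->_getFromZipArchive($zip, "_rels/.rels"));`. The same helper shape would fit the copies in Excel2003XML.php, Gnumeric.php, OOCalc.php and getid3.lib.php. The sketch below uses `finally`, which needs PHP 5.5; on older runtimes a catch-and-rethrow does the same job.

```php
// Suggested helper; the name is a proposal, not an existing method.
private function _loadXmlWithoutEntities($xmlString)
{
    $previous = libxml_disable_entity_loader(true);
    try {
        return simplexml_load_string($xmlString);
    } finally {
        // Runs on normal return and on exception, so the global state never leaks.
        libxml_disable_entity_loader($previous);
    }
}
```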
3 changes: 2 additions & 1 deletion PHPExcel/Classes/PHPExcel/Reader/Gnumeric.php
@@ -243,8 +243,9 @@ public function loadIntoExisting($pFilename, PHPExcel $objPHPExcel)
// echo htmlentities($gFileData,ENT_QUOTES,'UTF-8');
// echo '</pre><hr />';
//
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xml = simplexml_load_string($gFileData);
libxml_disable_entity_loader($loadEntities);
$namespacesMeta = $xml->getNamespaces(true);

// var_dump($namespacesMeta);
9 changes: 6 additions & 3 deletions PHPExcel/Classes/PHPExcel/Reader/OOCalc.php
@@ -88,8 +88,9 @@ public function canRead($pFilename)
if ($stat && ($stat['size'] <= 255)) {
$mimeType = $zip->getFromName($stat['name']);
} elseif($stat = $zip->statName('META-INF/manifest.xml')) {
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xml = simplexml_load_string($zip->getFromName('META-INF/manifest.xml'));
libxml_disable_entity_loader($loadEntities);
$namespacesContent = $xml->getNamespaces(true);
if (isset($namespacesContent['manifest'])) {
$manifest = $xml->children($namespacesContent['manifest']);
@@ -338,8 +339,9 @@ public function loadIntoExisting($pFilename, PHPExcel $objPHPExcel)
}

// echo '<h1>Meta Information</h1>';
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xml = simplexml_load_string($zip->getFromName("meta.xml"));
libxml_disable_entity_loader($loadEntities);
$namespacesMeta = $xml->getNamespaces(true);
// echo '<pre>';
// print_r($namespacesMeta);
@@ -423,8 +425,9 @@ public function loadIntoExisting($pFilename, PHPExcel $objPHPExcel)


// echo '<h1>Workbook Content</h1>';
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$xml = simplexml_load_string($zip->getFromName("content.xml"));
libxml_disable_entity_loader($loadEntities);
$namespacesContent = $xml->getNamespaces(true);
// echo '<pre>';
// print_r($namespacesContent);
3 changes: 2 additions & 1 deletion getid3/getid3.lib.php
@@ -521,8 +521,9 @@ public static function array_min($arraydata, $returnkey=false) {
public static function XML2array($XMLstring) {
if (function_exists('simplexml_load_string')) {
if (function_exists('get_object_vars')) {
libxml_disable_entity_loader(true);
$loadEntities = libxml_disable_entity_loader(true);
$XMLobject = simplexml_load_string($XMLstring);
libxml_disable_entity_loader($loadEntities);
return self::SimpleXMLelement2array($XMLobject);
}
}
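Review bot: XML2array() guards the parse with `function_exists('simplexml_load_string')` but calls `libxml_disable_entity_loader()` unguarded on both added lines, so on a runtime that has SimpleXML but predates that function (PHP before 5.2.11, if this library still targets such versions) the call is a fatal error instead of the graceful fallback the surrounding checks aim for. Extending the existing condition keeps the two consistent: `if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) {`. Whether skipping the parse or parsing without the protection is the right fallback is a policy choice; since the XML comes from media file metadata, skipping looks like the safer default. The function body continues outside the hunk.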