Merge commit from fork
* Check for Whitespace Around Xml Encoding

* More Tests
oleibman authored Sep 14, 2024
1 parent 3815843 commit 63ccb02
Showing 6 changed files with 24 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/PhpSpreadsheet/Reader/Security/XmlScanner.php
Expand Up @@ -51,8 +51,8 @@ private function toUtf8(string $xml): string
private function findCharSet(string $xml): string
{
$patterns = [
'/encoding="([^"]*]?)"/',
"/encoding='([^']*?)'/",
'/encoding\\s*=\\s*"([^"]*]?)"/',
"/encoding\\s*=\\s*'([^']*?)'/",
];

foreach ($patterns as $pattern) {
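Review bot: Both patterns in `findCharSet` remain unanchored after this change, so `encoding\s*=\s*` is searched across the whole document rather than only inside the `<?xml … ?>` declaration, and the double-quoted form is tried before the single-quoted one. The loop body lies below the hunk, so this is inferred, but if the first match wins, the charset the scanner settles on can come from text outside the declaration and differ from the one the XML parser honours. Restricting the search to the prolog (for example, matching only against the text up to the first `?>`) would keep the two in step. Separately, the first pattern still carries `([^"]*]?)`, which looks like a typo for the lazy group used in the second pattern: `'/encoding\\s*=\\s*"([^"]*?)"/'`.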
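--- a/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php
+++ b/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php
@@ -131,4 +131,20 @@ public function testEncodingAllowsMixedCase(): void
 $output = $scanner->scan($input = '<?xml version="1.0" encoding="utf-8"?><foo>bar</foo>');
 self::assertSame($input, $output);
 }
+
+public function testUtf7Whitespace(): void
+{
+$this->expectException(ReaderException::class);
+$this->expectExceptionMessage('Double-encoded');
+$reader = new Xlsx();
+$reader->load('tests/data/Reader/XLSX/utf7white.dontuse');
+}
+
+public function testUtf8Entity(): void
+{
+$this->expectException(ReaderException::class);
+$this->expectExceptionMessage('Detected use of ENTITY');
+$reader = new Xlsx();
+$reader->load('tests/data/Reader/XLSX/utf8entity.dontuse');
+}
 }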
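Review bot: The two new tests load binary fixtures (`utf7white.dontuse`, `utf8entity.dontuse`) that cannot be read in review, and neither test says what the workbook contains or which part is expected to trigger the exception. A one-line comment above each `load()` call would document that, e.g. `// xlsx whose XML part declares encoding ='UTF-7' with whitespace around '='; the scanner must reject it` (wording inferred from the test name, so confirm it against the fixture). The XML fixtures visible in this commit use a single space around `=`; a tab or newline there is also legal in an XML declaration, and a fixture for it would pin the full behaviour `\s*` is meant to cover.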
Binary file added tests/data/Reader/XLSX/utf7white.dontuse
Binary file not shown.
Binary file added tests/data/Reader/XLSX/utf8entity.dontuse
Binary file not shown.
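--- a/tests/data/Reader/Xml/XEETestInvalidUTF-7-whitespace.xml
+++ b/tests/data/Reader/Xml/XEETestInvalidUTF-7-whitespace.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding ='UTF-7' standalone="yes"?>
++ADw-+ACE-DOCTYPE+ACA-foo+ACA-+AFs-+ADw-+ACE-ENTITY+ACA-toreplace+ACA-+ACI-xxe+AF8-test+ACI-+AD4-+ACA-+AF0-+AD4-+AAo-+ADw-sst+ACA-xmlns+AD0-+ACI-http://schemas.openxmlformats.org/spreadsheetml/2006/main+ACI-+ACA-count+AD0-+ACI-2+ACI-+ACA-uniqueCount+AD0-+ACI-1+ACI-+AD4-+ADw-si+AD4-+ADw-t+AD4-+ACY-toreplace+ADs-+ADw-/t+AD4-+ADw-/si+AD4-+ADw-/sst+AD4-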
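--- a/tests/data/Reader/Xml/XEETestValidUTF-8-whitespace.xml
+++ b/tests/data/Reader/Xml/XEETestValidUTF-8-whitespace.xml
@@ -0,0 +1,4 @@
+<?xml version='1.0' encoding = "UTF-8" standalone='yes'?>
+<root>
+test: Valid
+</root>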
