category Zend
package Zend_Xml_SecurityScan
copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
license New BSD License

Methods

Return true if PHP is running with PHP-FPM

isPhpFpm() : boolean
Static

This method is mainly used to determine whether or not heuristic checks (vs libxml checks) should be made, due to threading issues in libxml; under php-fpm, threading becomes a concern.

However, PHP versions 5.5.22+ and 5.6.6+ contain a patch to the libxml support in PHP that makes the libxml checks viable; in such versions, this method will return false to enforce those checks, which are more strict and accurate than the heuristic checks.

Returns

boolean

loadXmlErrorHandler()

loadXmlErrorHandler(integer $errno, string $errstr, string $errfile, integer $errline) : boolean
Static

Parameters

$errno

integer

$errstr

string

$errfile

string

$errline

integer

Returns

boolean

Scan XML string for potential XXE and XEE attacks

scan(string $xml, \DomDocument $dom = null) : \SimpleXMLElement | \DomDocument | boolean
Static

Parameters

$xml

string

$dom

\DomDocument

Exceptions

\Zend_Xml_Exception

Returns

\SimpleXMLElement | \DomDocument | boolean

Scan XML file for potential XXE/XEE attacks

scanFile(string $file, \DOMDocument $dom = null) : \SimpleXMLElement | \DomDocument
Static

Parameters

$file

string

$dom

\DOMDocument

Exceptions

\Zend_Xml_Exception

Returns

\SimpleXMLElement | \DomDocument

Attempt to match a known BOM.

detectBom(string $string) : false | string
Static

Iterates through the return of getBomMap(), comparing the initial bytes of the provided string to the BOM of each; if a match is determined, it returns the encoding.

Parameters

$string

string

Returns

false | string Returns encoding on success.

Determine the string encoding.

detectStringEncoding(string $xml) : string
Static

Determines string encoding from either a detected BOM or a heuristic.

Parameters

$xml

string

Returns

string File encoding

Attempt to detect the specified XML encoding.

detectXmlEncoding(string $xml, string $fileEncoding) : array<mixed,string>
Static

Using the file's encoding, determines if an "encoding" attribute is present and well-formed in the XML declaration; if so, it returns a list with both the ASCII representation of that declaration and the original file encoding.

If not, a list containing only the provided file encoding is returned.

Parameters

$xml

string

$fileEncoding

string

Returns

array<mixed,string> Potential XML encodings

Attempt to detect the string encoding of an XML string.

detectXmlStringEncoding(string $xml) : string
Static

Parameters

$xml

string

Returns

string Encoding

Return a map of encoding => generator pairs.

getAsciiEncodingMap() : array
Static

Returns a map of encoding => generator pairs, where the generator is a callable that accepts a string and returns the appropriate byte order sequence of that string for the encoding.

Returns

array

Return a list of BOM maps.

getBomMap() : array
Static

Returns a list of common encoding -> BOM maps, along with the character length to compare against.

link https://en.wikipedia.org/wiki/Byte_order_mark

Returns

array

Determine and return the string(s) to use for the <!ENTITY comparison.

getEntityComparison(string $xml) : array<mixed,string>
Static

Parameters

$xml

string

Returns

array<mixed,string>

Heuristic scan to detect entity in XML

heuristicScan(string $xml) 
Static

Parameters

$xml

string

Exceptions

\Zend_Xml_Exception If entity expansion or external entity declaration was discovered.
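
How the pieces described for detectBom(), getAsciiEncodingMap(), getEntityComparison() and heuristicScan() fit together, as an added example that is not the Zend Framework source: in UTF-16/32 input the bytes of `<!ENTITY` are interleaved with zero bytes, so the comparison string has to be generated for the detected encoding. All example* function names and the sample document are constructed here; it assumes PHP 7.1+ and BOM-only encoding detection.

```php
<?php
// Added illustration, not the Zend Framework source; all example* names are hypothetical.

// Return the encoding whose BOM prefixes $bytes, or false if none matches.
function exampleDetectBom(string $bytes)
{
    // Longer BOMs first so UTF-32LE (FF FE 00 00) is not read as UTF-16LE (FF FE).
    $boms = [
        'UTF-32BE' => "\x00\x00\xFE\xFF",
        'UTF-32LE' => "\xFF\xFE\x00\x00",
        'UTF-8'    => "\xEF\xBB\xBF",
        'UTF-16BE' => "\xFE\xFF",
        'UTF-16LE' => "\xFF\xFE",
    ];
    foreach ($boms as $encoding => $bom) {
        if (strncmp($bytes, $bom, strlen($bom)) === 0) {
            return $encoding;
        }
    }
    return false;
}

// Encode an ASCII token the way it appears in a document of the given encoding.
function exampleAsciiTo(string $ascii, string $encoding): string
{
    // Zero bytes placed [before, after] each ASCII byte.
    $pad = [
        'UTF-16BE' => ["\x00", ''],         'UTF-16LE' => ['', "\x00"],
        'UTF-32BE' => ["\x00\x00\x00", ''], 'UTF-32LE' => ['', "\x00\x00\x00"],
    ];
    if (!isset($pad[$encoding])) {
        return $ascii; // UTF-8 and other ASCII-compatible encodings
    }
    [$before, $after] = $pad[$encoding];
    return $before . implode($after . $before, str_split($ascii)) . $after;
}

// True if an entity declaration is present, compared in the document's own encoding.
function exampleHeuristicScan(string $xml): bool
{
    $encoding = exampleDetectBom($xml) ?: 'UTF-8'; // assumption: no BOM means UTF-8
    return strpos($xml, exampleAsciiTo('<!ENTITY', $encoding)) !== false;
}

// Constructed sample: UTF-16LE document declaring a harmless internal entity.
$doc = "\xFF\xFE" . exampleAsciiTo('<!DOCTYPE r [<!ENTITY a "b">]><r>&a;</r>', 'UTF-16LE');
var_dump(strpos($doc, '<!ENTITY') !== false); // plain ASCII search of the raw bytes
var_dump(exampleHeuristicScan($doc));         // encoding-aware comparison
```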

Binary-safe substr.

substr(string $string, integer $start, integer $end) : string
Static

substr() is not binary-safe; this method loops by character to ensure multi-byte characters are aggregated correctly.

Parameters

$string

string

$start

integer

$end

integer

Returns

string

Constants

ENTITY_DETECT

ENTITY_DETECT = 'Detected use of ENTITY in XML, disabled to prevent XXE/XEE attacks'