category | Zend |
---|---|
package | Zend_Xml_SecurityScan |
copyright | Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) |
license | New BSD License |
isPhpFpm() : boolean
This method is mainly used to determine whether or not heuristic checks (vs libxml checks) should be made, due to threading issues in libxml; under php-fpm, threading becomes a concern.
However, PHP versions 5.5.22+ and 5.6.6+ contain a patch to the libxml support in PHP that makes the libxml checks viable; in such versions, this method will return false to enforce those checks, which are more strict and accurate than the heuristic checks.
boolean
loadXmlErrorHandler(integer $errno, string $errstr, string $errfile, integer $errline) : boolean
integer
string
string
integer
boolean
scan(string $xml, \DomDocument $dom = null
) : \SimpleXMLElement | \DomDocument | boolean
string
\DomDocument
\Zend_Xml_Exception |
---|
\SimpleXMLElement
\DomDocument
boolean
scanFile(string $file, \DOMDocument $dom = null
) : \SimpleXMLElement | \DomDocument
string
\DOMDocument
\Zend_Xml_Exception |
---|
\SimpleXMLElement
\DomDocument
detectBom(string $string) : false | string
Iterates through the return of getBomMap(), comparing the initial bytes of the provided string to the BOM of each; if a match is determined, it returns the encoding.
string
false
string
Returns encoding on success.detectStringEncoding(string $xml) : string
Determines string encoding from either a detected BOM or a heuristic.
string
string
File encodingdetectXmlEncoding(string $xml, string $fileEncoding) : array<mixed,string>
Using the file's encoding, determines if an "encoding" attribute is present and well-formed in the XML declaration; if so, it returns a list with both the ASCII representation of that declaration and the original file encoding.
If not, a list containing only the provided file encoding is returned.
string
string
array<mixed,string>
Potential XML encodingsdetectXmlStringEncoding(string $xml) : string
string
string
EncodinggetAsciiEncodingMap() : array
Returns a map of encoding => generator pairs, where the generator is a callable that accepts a string and returns the appropriate byte order sequence of that string for the encoding.
array
getBomMap() : array
Returns a list of common encoding -> BOM maps, along with the character length to compare against.
link | https://en.wikipedia.org/wiki/Byte_order_mark |
---|
array
getEntityComparison(string $xml) : array<mixed,string>
string
array<mixed,string>
heuristicScan(string $xml)
string
\Zend_Xml_Exception |
If entity expansion or external entity declaration was discovered. |
---|
substr(string $string, integer $start, integer $end) : string
substr() is not binary-safe; this method loops by character to ensure multi-byte characters are aggregated correctly.
string
integer
integer
string
ENTITY_DETECT = 'Detected use of ENTITY in XML, disabled to prevent XXE/XEE attacks'