3v4l.org

run code in 300+ PHP versions simultaneously
<?php /** * @link http://stackoverflow.com/a/29864193/367456 */ $buffer = <<<XML <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "data://text/plain,test" >]><foo>&xxe;</foo> XML; libxml_disable_entity_loader(false); $xml = simplexml_load_string($buffer); $xml->asXML('php://output'); $xml = simplexml_load_string($buffer, 'SimpleXMLElement', LIBXML_NOENT); $xml->asXML('php://output');
Output for 8.4.1 - 8.4.12
Deprecated: Function libxml_disable_entity_loader() is deprecated since 8.0, as external entity loading is disabled by default in /in/LiEKI on line 13 <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "data://text/plain,test"> ]> <foo>&xxe;</foo> <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "data://text/plain,test"> ]> <foo>test</foo>
Output for 8.0.0 - 8.0.30, 8.1.0 - 8.1.33, 8.2.0 - 8.2.29, 8.3.0 - 8.3.25
Deprecated: Function libxml_disable_entity_loader() is deprecated in /in/LiEKI on line 13 <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "data://text/plain,test"> ]> <foo>&xxe;</foo> <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "data://text/plain,test"> ]> <foo>test</foo>
Output for 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.40, 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.34, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33
<?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "data://text/plain,test"> ]> <foo>&xxe;</foo> <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY> <!ENTITY xxe SYSTEM "data://text/plain,test"> ]> <foo>test</foo>
preferences:
142.22 ms | 411 KiB | 5 Q