<?php /** * @link http://stackoverflow.com/a/29864193/367456 */ $buffer = <<<XML <?xml version="1.0"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "data://text/html,aaaa" >]><foo>&xxe;</foo> XML; //libxml_disable_entity_loader(false); $xml = simplexml_load_string($buffer); var_dump($xml); echo 'break\n\r'; $xml = simplexml_load_string($buffer, 'SimpleXMLElement', LIBXML_NOENT); var_dump($xml);
You have javascript disabled. You will not be able to edit any code.