- simplexml_load_string: documentation ( source)
<?php
$buffer = <<<XML
<?xml version="1.0"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "data://text/plain,test" >]><foo>&xxe;</foo>
XML;
//libxml_disable_entity_loader(false);
$xml = simplexml_load_string($buffer);
$xml->asXML('php://output');
$xml = simplexml_load_string($buffer, 'SimpleXMLElement', LIBXML_NOENT);
$xml->asXML('php://output');