<?php $xml = '<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE strony [ <!ENTITY shp SYSTEM "php://echo dir('/etc');"> ] > <strony> <strona id="cccc"> <nazwa>bbbb</nazwa> <url>http://www.aaaa.pl/</url> <komentarz> &shp;</komentarz> </strona> </strony>'; $strony = new SimpleXMLElement($xml, LIBXML_NOENT); foreach($strony->strona->komentarz as $komentarz) echo "$komentarz\n";
based on ohrv5
Output for 5.6.0 - 5.6.30, 7.0.0 - 7.1.7
Parse error: syntax error, unexpected '');">' (T_CONSTANT_ENCAPSED_STRING) in /in/TWceD on line 13
Process exited with code 255.
Output for hhvm-3.15.4
Fatal error: Uncaught Error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /in/TWceD:5 Stack trace: #0 {main}
Process exited with code 255.