Online PHP editor | output for fpedv

@ 2024-04-23T23:23:22Z

<?php
$xml = <<<XML
<!DOCTYPE root [
    <!ENTITY attack SYSTEM "config/config.ini">
    <!ENTITY ent SYSTEM "entities/ent.txt">
]>
<xml>
    &attack;
    &ent;
</xml>
XML;

// emulate existing local file
mkdir('/tmp/entities/');
file_put_contents('/tmp/entities/ent.txt', 'OK ENTITY');

libxml_set_external_entity_loader(
    function (?string $public, ?string $system, array $context) {
        $path = realpath('/tmp' . $system);
        if ($public === null && $path !== null && str_starts_with($path, '/tmp/entities/')) {
            $resolved = file_get_contents('/tmp' . $system);
        } else {
            $resolved = 'nice try but no';
        }
        $f = fopen('php://temp', 'r+');
        fwrite($f, $resolved);
        rewind($f);
        return $f;
    }
);

$doc = new DOMDocument;
$doc->loadXML($xml, LIBXML_NOENT);
echo $doc->saveXML();
?>

Output for 8.1.0 - 8.1.30, 8.2.0 - 8.2.25, 8.3.0 - 8.3.13: <?xml version="1.0"?> <!DOCTYPE root [ <!ENTITY attack SYSTEM "config/config.ini"> <!ENTITY ent SYSTEM "entities/ent.txt"> ]> <xml> nice try but no OK ENTITY </xml>
Output for 7.4.33: Warning: DOMDocument::loadXML(): Failure to process entity attack in Entity, line: 6 in /in/fpedv on line 33 Warning: DOMDocument::loadXML(): Entity 'attack' not defined in Entity, line: 6 in /in/fpedv on line 33 Warning: DOMDocument::loadXML(): Failure to process entity ent in Entity, line: 7 in /in/fpedv on line 33 Warning: DOMDocument::loadXML(): Entity 'ent' not defined in Entity, line: 7 in /in/fpedv on line 33 Fatal error: Uncaught Error: Call to undefined function str_starts_with() in /in/fpedv:20 Stack trace: #0 [internal function]: {closure}(NULL, '/config/config....', Array) #1 /in/fpedv(33): DOMDocument->loadXML('<!DOCTYPE root ...', 2) #2 {main} thrown in /in/fpedv on line 20
Process exited with code 255.

preferences:dark modelive preview