3v4l.org

run code in 300+ PHP versions simultaneously
<?php $xml = <<<XML <!DOCTYPE root [ <!ENTITY attack SYSTEM "config/config.ini"> <!ENTITY ent SYSTEM "entities/ent.txt"> ]> <xml> &attack; &ent; </xml> XML; // emulate existing local file mkdir('/tmp/entities/'); file_put_contents('/tmp/entities/ent.txt', 'OK ENTITY'); libxml_set_external_entity_loader( function (?string $public, ?string $system, array $context) { $path = realpath('/tmp' . $system); if ($public === null && $path !== null && str_starts_with($path, '/tmp/entities/')) { $resolved = file_get_contents('/tmp' . $system); } else { $resolved = 'nice try but no'; } $f = fopen('php://temp', 'r+'); fwrite($f, $resolved); rewind($f); return $f; } ); $doc = new DOMDocument; $doc->loadXML($xml, LIBXML_NOENT); echo $doc->saveXML(); ?>
Output for git.master, git.master_jit, rfc.property-hooks
<?xml version="1.0"?> <!DOCTYPE root [ <!ENTITY attack SYSTEM "config/config.ini"> <!ENTITY ent SYSTEM "entities/ent.txt"> ]> <xml> nice try but no OK ENTITY </xml>

This tab shows result from various feature-branches currently under review by the php developers. Contact me to have additional branches featured.

Active branches

Archived branches

Once feature-branches are merged or declined, they are no longer available. Their functionality (when merged) can be viewed from the main output page

preferences:
41.12 ms | 405 KiB | 5 Q