Merged in libxml18 (pull request #8)

Disable loading external entities during XML parsing
author: Paweł Sroka <srokap@gmail.com> 2014-01-01 13:12:24 +0100
committer: Paweł Sroka <srokap@gmail.com> 2014-01-01 13:12:24 +0100
commit: 53509917fd2119e17209179aae6d54b64dd2d244 (patch)
tree: aac2e883578b78796686728ae3beed5b2a35a9a4 /engine/tests/test_files
parent: 7006294fcbfab450289403b6519edb9d5d30ff35 (diff)
parent: 7cacdc8bc26c98a58dc8986acfd911d6542608af (diff)
download: elgg-53509917fd2119e17209179aae6d54b64dd2d244.tar.gz
elgg-53509917fd2119e17209179aae6d54b64dd2d244.tar.bz2
2 files changed, 9 insertions, 0 deletions
diff --git a/engine/tests/test_files/xxe/external_entity.txt b/engine/tests/test_files/xxe/external_entity.txt
new file mode 100644
index 000000000..536aca34d
--- /dev/null
+++ b/engine/tests/test_files/xxe/external_entity.txt
@@ -0,0 +1 @@
+secret
+\ No newline at end of file
diff --git a/engine/tests/test_files/xxe/request.xml b/engine/tests/test_files/xxe/request.xml
new file mode 100644
index 000000000..4390f9db2
--- /dev/null
+++ b/engine/tests/test_files/xxe/request.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo [
+<!ELEMENT methodName ANY >
+<!ENTITY xxe SYSTEM "%s" >
+]>
+<methodCall>
+    <methodName>test&xxe;test</methodName>
+</methodCall>
author	Paweł Sroka <srokap@gmail.com>	2014-01-01 13:12:24 +0100
committer	Paweł Sroka <srokap@gmail.com>	2014-01-01 13:12:24 +0100
commit	53509917fd2119e17209179aae6d54b64dd2d244 (patch)
tree	aac2e883578b78796686728ae3beed5b2a35a9a4 /engine/tests/test_files
parent	7006294fcbfab450289403b6519edb9d5d30ff35 (diff)
parent	7cacdc8bc26c98a58dc8986acfd911d6542608af (diff)
download	elgg-53509917fd2119e17209179aae6d54b64dd2d244.tar.gz elgg-53509917fd2119e17209179aae6d54b64dd2d244.tar.bz2