Ignore Settings::libXmlLoaderOptions
Backport of PR #4233.
oleibman committed Nov 22, 2024
1 parent 819854a commit 52de298
Showing 12 changed files with 70 additions and 50 deletions.
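--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com)
 and this project adheres to [Semantic Versioning](https://semver.org).
 
+## 2024-11-22 - 2.1.4
+
+### Changed
+
+- Settings::libXmlLoaderOptions is ignored. Backport of [PR #4233](https://github.com/PHPOffice/PhpSpreadsheet/pull/4233)
+
+### Deprecated
+
+- Settings::setLibXmlLoaderOptions() and Settings::getLibXmlLoaderOptions() are no longer needed - no replacement.
+
 ## 2024-11-10 - 2.1.3
 
 ### Fixed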
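--- a/docs/topics/reading-and-writing-to-file.md
+++ b/docs/topics/reading-and-writing-to-file.md
@@ -298,7 +298,6 @@ versions of Microsoft Excel.
 **Excel 2003 XML limitations** Please note that Excel 2003 XML format
 has some limits regarding to styling cells and handling large
 spreadsheets via PHP.
-Also, only files using charset UTF-8 or ISO-8859-* are supported.
 
 ### \PhpOffice\PhpSpreadsheet\Reader\Xml
 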
7 changes: 3 additions & 4 deletions src/PhpSpreadsheet/Reader/Gnumeric.php
@@ -11,7 +11,6 @@
use PhpOffice\PhpSpreadsheet\Reader\Security\XmlScanner;
use PhpOffice\PhpSpreadsheet\ReferenceHelper;
use PhpOffice\PhpSpreadsheet\RichText\RichText;
use PhpOffice\PhpSpreadsheet\Settings;
use PhpOffice\PhpSpreadsheet\Shared\File;
use PhpOffice\PhpSpreadsheet\Spreadsheet;
use PhpOffice\PhpSpreadsheet\Worksheet\Worksheet;
@@ -104,7 +103,7 @@ public function listWorksheetNames(string $filename): array

$xml = new XMLReader();
$contents = $this->gzfileGetContents($filename);
$xml->xml($contents, null, Settings::getLibXmlLoaderOptions());
$xml->xml($contents);
$xml->setParserProperty(2, true);

$worksheetNames = [];
@@ -133,7 +132,7 @@ public function listWorksheetInfo(string $filename): array

$xml = new XMLReader();
$contents = $this->gzfileGetContents($filename);
$xml->xml($contents, null, Settings::getLibXmlLoaderOptions());
$xml->xml($contents);
$xml->setParserProperty(2, true);

$worksheetInfo = [];
@@ -247,7 +246,7 @@ public function loadIntoExisting(string $filename, Spreadsheet $spreadsheet): Sp

/** @var XmlScanner */
$securityScanner = $this->securityScanner;
$xml2 = simplexml_load_string($securityScanner->scan($gFileData), 'SimpleXMLElement', Settings::getLibXmlLoaderOptions());
$xml2 = simplexml_load_string($securityScanner->scan($gFileData));
$xml = self::testSimpleXml($xml2);

$gnmXML = $xml->children(self::NAMESPACE_GNM);
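Review bot: In `listWorksheetNames` and `listWorksheetInfo` the string passed to `$xml->xml($contents)` comes straight from `gzfileGetContents()`, and no scanner call is visible in these hunks, whereas `loadIntoExisting` explicitly goes through `$securityScanner->scan($gFileData)`. With the options argument gone, the scanner is the main visible guard on these two paths. If `gzfileGetContents()` already scans internally, that deserves a comment at the call sites, e.g. `// $contents was already passed through XmlScanner inside gzfileGetContents()`; if it does not, the argument should become `$this->securityScanner->scan($contents)`. All three functions start and end outside the hunks shown, so this is inferred from the visible lines only.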
2 changes: 1 addition & 1 deletion src/PhpSpreadsheet/Reader/Html.php
@@ -32,7 +32,7 @@ class Html extends BaseReader

private const STARTS_WITH_BOM = '/^(?:\xfe\xff|\xff\xfe|\xEF\xBB\xBF)/';

private const DECLARES_CHARSET = '/ charset=/i';
private const DECLARES_CHARSET = '/\\bcharset=/i';

/**
* Input encoding.
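Review bot: The rewritten `DECLARES_CHARSET` pattern `'/\\bcharset=/i'` still requires `=` to follow `charset` immediately, so a declaration written as `charset = utf-8` would not be recognised; `'/\\bcharset\\s*=/i'` would cover that form as well. The constant also has no comment, and the doubled backslash is easy to misread; something like `// "\\b" reaches PCRE as \b (word boundary), so "text/html;charset=..." matches without a leading space` would help. The code that consumes the constant is outside this hunk, so what happens when a declaration is missed cannot be judged from here.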
37 changes: 18 additions & 19 deletions src/PhpSpreadsheet/Reader/Ods.php
@@ -16,7 +16,6 @@
use PhpOffice\PhpSpreadsheet\Reader\Ods\Properties as DocumentProperties;
use PhpOffice\PhpSpreadsheet\Reader\Security\XmlScanner;
use PhpOffice\PhpSpreadsheet\RichText\RichText;
use PhpOffice\PhpSpreadsheet\Settings;
use PhpOffice\PhpSpreadsheet\Shared\Date;
use PhpOffice\PhpSpreadsheet\Shared\File;
use PhpOffice\PhpSpreadsheet\Spreadsheet;
@@ -57,9 +56,12 @@ public function canRead(string $filename): bool
$mimeType = $zip->getFromName($stat['name']);
} elseif ($zip->statName('META-INF/manifest.xml')) {
$xml = simplexml_load_string(
$this->getSecurityScannerOrThrow()->scan($zip->getFromName('META-INF/manifest.xml')),
'SimpleXMLElement',
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scan(
$zip->getFromName(
'META-INF/manifest.xml'
)
)
);
if ($xml !== false) {
$namespacesContent = $xml->getNamespaces(true);
@@ -97,9 +99,8 @@ public function listWorksheetNames(string $filename): array

$xml = new XMLReader();
$xml->xml(
$this->getSecurityScannerOrThrow()->scanFile('zip://' . realpath($filename) . '#' . self::INITIAL_FILE),
null,
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scanFile('zip://' . realpath($filename) . '#' . self::INITIAL_FILE)
);
$xml->setParserProperty(2, true);

@@ -144,9 +145,8 @@ public function listWorksheetInfo(string $filename): array

$xml = new XMLReader();
$xml->xml(
$this->getSecurityScannerOrThrow()->scanFile('zip://' . realpath($filename) . '#' . self::INITIAL_FILE),
null,
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scanFile('zip://' . realpath($filename) . '#' . self::INITIAL_FILE)
);
$xml->setParserProperty(2, true);

@@ -252,9 +252,8 @@ public function loadIntoExisting(string $filename, Spreadsheet $spreadsheet): Sp
// Meta

$xml = @simplexml_load_string(
$this->getSecurityScannerOrThrow()->scan($zip->getFromName('meta.xml')),
'SimpleXMLElement',
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scan($zip->getFromName('meta.xml'))
);
if ($xml === false) {
throw new Exception('Unable to read data from {$pFilename}');
@@ -268,8 +267,8 @@ public function loadIntoExisting(string $filename, Spreadsheet $spreadsheet): Sp

$dom = new DOMDocument('1.01', 'UTF-8');
$dom->loadXML(
$this->getSecurityScannerOrThrow()->scan($zip->getFromName('styles.xml')),
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scan($zip->getFromName('styles.xml'))
);

$pageSettings = new PageSettings($dom);
@@ -278,8 +277,8 @@ public function loadIntoExisting(string $filename, Spreadsheet $spreadsheet): Sp

$dom = new DOMDocument('1.01', 'UTF-8');
$dom->loadXML(
$this->getSecurityScannerOrThrow()->scan($zip->getFromName(self::INITIAL_FILE)),
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scan($zip->getFromName(self::INITIAL_FILE))
);

$officeNs = (string) $dom->lookupNamespaceUri('office');
@@ -655,8 +654,8 @@ private function processSettings(ZipArchive $zip, Spreadsheet $spreadsheet): voi
{
$dom = new DOMDocument('1.01', 'UTF-8');
$dom->loadXML(
$this->getSecurityScannerOrThrow()->scan($zip->getFromName('settings.xml')),
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scan($zip->getFromName('settings.xml'))
);
//$xlinkNs = $dom->lookupNamespaceUri('xlink');
$configNs = (string) $dom->lookupNamespaceUri('config');
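Review bot: The exception thrown right after the rewritten `meta.xml` load in `loadIntoExisting` is built from a single-quoted string, so `{$pFilename}` is emitted literally, and the parameter shown in the hunk header is `$filename`, not `$pFilename`. Because the load is prefixed with `@`, that message is the only diagnostic a caller gets when the scanned XML fails to parse; it should read `throw new Exception("Unable to read data from {$filename}");`. Separately, the call sites in this file now rely on the loaders' default options, and a short comment at one of them stating that the libxml options are intentionally not configurable would keep a later change from re-adding them. `loadIntoExisting` begins and ends outside the hunks shown.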
22 changes: 11 additions & 11 deletions src/PhpSpreadsheet/Reader/Xlsx.php
@@ -25,7 +25,6 @@
use PhpOffice\PhpSpreadsheet\Reader\Xlsx\WorkbookView;
use PhpOffice\PhpSpreadsheet\ReferenceHelper;
use PhpOffice\PhpSpreadsheet\RichText\RichText;
use PhpOffice\PhpSpreadsheet\Settings;
use PhpOffice\PhpSpreadsheet\Shared\Date;
use PhpOffice\PhpSpreadsheet\Shared\Drawing;
use PhpOffice\PhpSpreadsheet\Shared\File;
@@ -120,7 +119,7 @@ private function loadZip(string $filename, string $ns = '', bool $replaceUnclose
$rels = @simplexml_load_string(
$this->getSecurityScannerOrThrow()->scan($contents),
'SimpleXMLElement',
Settings::getLibXmlLoaderOptions(),
0,
$ns
);

@@ -135,7 +134,7 @@ private function loadZipNonamespace(string $filename, string $ns): SimpleXMLElem
$rels = simplexml_load_string(
$this->getSecurityScannerOrThrow()->scan($contents),
'SimpleXMLElement',
Settings::getLibXmlLoaderOptions(),
0,
($ns === '' ? $ns : '')
);

@@ -243,11 +242,13 @@ public function listWorksheetInfo(string $filename): array

$xml = new XMLReader();
$xml->xml(
$this->getSecurityScannerOrThrow()->scan(
$this->getFromZipArchive($this->zip, $fileWorksheetPath)
),
null,
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scan(
$this->getFromZipArchive(
$this->zip,
$fileWorksheetPath
)
)
);
$xml->setParserProperty(2, true);

@@ -1950,9 +1951,8 @@ private function readRibbon(Spreadsheet $excel, string $customUITarget, ZipArchi
if ($dataRels) {
// exists and not empty if the ribbon have some pictures (other than internal MSO)
$UIRels = simplexml_load_string(
$this->getSecurityScannerOrThrow()->scan($dataRels),
'SimpleXMLElement',
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scan($dataRels)
);
if (false !== $UIRels) {
// we need to save id and target to avoid parsing customUI.xml and "guess" if it's a pseudo callback who load the image
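Review bot: The literal `0` now passed as the options argument in `loadZip` and `loadZipNonamespace` is unexplained, while every other call site in this commit simply drops the argument. It is there only because `$ns` has to be supplied positionally, so the line should say so and state the intent, e.g. `0, // libxml options are fixed on purpose; not taken from Settings`, so that nobody later wires a configurable value back in. In `loadZipNonamespace` the next argument, `($ns === '' ? $ns : '')`, evaluates to `''` for every input, which looks unintended or at least needs a comment. Both functions extend beyond the hunks shown.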
5 changes: 1 addition & 4 deletions src/PhpSpreadsheet/Reader/Xlsx/Properties.php
@@ -4,7 +4,6 @@

use PhpOffice\PhpSpreadsheet\Document\Properties as DocumentProperties;
use PhpOffice\PhpSpreadsheet\Reader\Security\XmlScanner;
use PhpOffice\PhpSpreadsheet\Settings;
use SimpleXMLElement;

class Properties
@@ -23,9 +22,7 @@ private function extractPropertyData(string $propertyData): ?SimpleXMLElement
{
// okay to omit namespace because everything will be processed by xpath
$obj = simplexml_load_string(
$this->securityScanner->scan($propertyData),
'SimpleXMLElement',
Settings::getLibXmlLoaderOptions()
$this->securityScanner->scan($propertyData)
);

return $obj === false ? null : $obj;
6 changes: 2 additions & 4 deletions src/PhpSpreadsheet/Reader/Xml.php
@@ -15,7 +15,6 @@
use PhpOffice\PhpSpreadsheet\Reader\Xml\Properties;
use PhpOffice\PhpSpreadsheet\Reader\Xml\Style;
use PhpOffice\PhpSpreadsheet\RichText\RichText;
use PhpOffice\PhpSpreadsheet\Settings;
use PhpOffice\PhpSpreadsheet\Shared\Date;
use PhpOffice\PhpSpreadsheet\Shared\File;
use PhpOffice\PhpSpreadsheet\Spreadsheet;
@@ -134,9 +133,8 @@ private function trySimpleXMLLoadStringPrivate(string $filename, string $fileOrS
}
if ($continue) {
$xml = @simplexml_load_string(
$this->getSecurityScannerOrThrow()->scan($data),
'SimpleXMLElement',
Settings::getLibXmlLoaderOptions()
$this->getSecurityScannerOrThrow()
->scan($data)
);
}
} catch (Throwable $e) {
10 changes: 5 additions & 5 deletions src/PhpSpreadsheet/Settings.php
@@ -96,6 +96,8 @@ public static function htmlEntityFlags(): int
* Set default options for libxml loader.
*
* @param ?int $options Default options for libxml loader
*
* @deprecated 3.5.0 no longer needed
*/
public static function setLibXmlLoaderOptions(?int $options): int
{
@@ -112,14 +114,12 @@ public static function setLibXmlLoaderOptions(?int $options): int
* Defaults to LIBXML_DTDLOAD | LIBXML_DTDATTR when not set explicitly.
*
* @return int Default options for libxml loader
*
* @deprecated 3.5.0 no longer needed
*/
public static function getLibXmlLoaderOptions(): int
{
if (self::$libXmlLoaderOptions === null) {
return self::setLibXmlLoaderOptions(null);
}

return self::$libXmlLoaderOptions;
return self::$libXmlLoaderOptions ?? (defined('LIBXML_DTDLOAD') ? (LIBXML_DTDLOAD | LIBXML_DTDATTR) : 0);
}

/**
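Review bot: The added `@deprecated 3.5.0 no longer needed` tags on `setLibXmlLoaderOptions()` and `getLibXmlLoaderOptions()` name a version that does not match this backport, which the CHANGELOG in the same commit records as 2.1.4. The docblocks also never say that the readers now ignore the stored value, while the getter still returns `LIBXML_DTDLOAD | LIBXML_DTDATTR` by default, so external code that feeds the getter's result into its own libxml call keeps DTD loading switched on without any hint that the library itself no longer does. I would write `@deprecated 2.1.4 Ignored by all readers; no replacement.` and add a sentence to the getter's description saying the return value is kept only for backward compatibility. If 3.5.0 is intentional (for example, the release where the change first landed), the tag should say that explicitly.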
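--- a/tests/PhpSpreadsheetTests/Reader/Html/HtmlCharsetTest.php
+++ b/tests/PhpSpreadsheetTests/Reader/Html/HtmlCharsetTest.php
@@ -40,6 +40,7 @@ public static function providerCharset(): array
 ['charset.UTF-16.lebom.html', 'À1'],
 ['charset.gb18030.html', '电视机'],
 ['charset.unknown.html', 'exception'],
+['xhtml4.entity.xhtml', 'exception'],
 ];
 }
 }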
2 changes: 1 addition & 1 deletion tests/data/Reader/HTML/charset.ISO-8859-1.html4.html
@@ -1,7 +1,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang='en'>
<head>
<meta http-equiv="Content-Type" content="text/html; CHARSET=ISO-8859-1">
<meta http-equiv="Content-Type" content="text/html;CHARSET=ISO-8859-1">
<title>ISO-8859-1 Html4 Doctype and Meta</title>
</head>
<body>
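--- a/tests/data/Reader/HTML/xhtml4.entity.xhtml
+++ b/tests/data/Reader/HTML/xhtml4.entity.xhtml
@@ -0,0 +1,17 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" [
+<!ENTITY test "It worked">
+]>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="application/xhtml+xml;charset=utf-8" />
+<title>HTML Entities</title>
+</head>
+<body>
+<table>
+<tbody>
+<tr><td>&test;</td></tr>
+</tbody>
+</table>
+</body>
+</html>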
