Added XXE protection to HTML Reader

Mark Baker · Mark Baker · commit 8f265a934297 · 2014-02-21T11:08:57.000Z
diff --git a/Classes/PHPExcel/Reader/HTML.php b/Classes/PHPExcel/Reader/HTML.php
@@ -424,7 +424,7 @@ public function loadIntoExisting($pFilename, PHPExcel $objPHPExcel)
 		//	Create a new DOM object
 		$dom = new domDocument;
 		//	Reload the HTML file into the DOM object
-		$loaded = $dom->loadHTMLFile($pFilename);
+		$loaded = $dom->loadHTMLFile($pFilename, PHPExcel_Settings::getLibXmlLoaderOptions());
 		if ($loaded === FALSE) {
 			throw new PHPExcel_Reader_Exception('Failed to load ',$pFilename,' as a DOM Document');
 		}

Original file line number	Diff line number	Diff line change
`@@ -424,7 +424,7 @@ public function loadIntoExisting($pFilename, PHPExcel $objPHPExcel)`
`424`	`424`	`// Create a new DOM object`
`425`	`425`	`$dom = new domDocument;`
`426`	`426`	`// Reload the HTML file into the DOM object`
`427`		`- $loaded = $dom->loadHTMLFile($pFilename);`
	`427`	`+ $loaded = $dom->loadHTMLFile($pFilename, PHPExcel_Settings::getLibXmlLoaderOptions());`
`428`	`428`	`if ($loaded === FALSE) {`
`429`	`429`	`throw new PHPExcel_Reader_Exception('Failed to load ',$pFilename,' as a DOM Document');`
`430`	`430`	`}`