15319564493

Committed 29 May 2025 08:20AM UTC coverage: 95.177% (-4.8%) from 100.0%

Build # 15319564493

Build Type

push

github

Committed by

Progi1984

Commit Message

Merge commit from fork

Coverage Stats

12 of 27 new or added lines in 2 files covered. (44.44%)

296 of 311 relevant lines covered (95.18%)

3.23 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

37.5

/src/Math/Reader/Security/XmlScanner.php

<?php

namespace PhpOffice\Math\Reader\Security;

use PhpOffice\Math\Exception\SecurityException;

class XmlScanner
{
    public static function getInstance(): self
    {
        return new self();
    }

    /**
     * Scan the XML for use of <!ENTITY to prevent XXE/XEE attacks.
     */
    public function scan(string $xml): string
    {
        // Don't rely purely on libxml_disable_entity_loader()
        $patternDoctype = '/\0*' . implode('\0*', static::mb_str_split('<!DOCTYPE', 1, 'UTF-8')) . '\0*/';
        $patternDoctypeMath = '/\0*' . implode('\0*', static::mb_str_split('<!DOCTYPE math', 1, 'UTF-8')) . '\0*/';

        if (preg_match($patternDoctype, $xml) && !preg_match($patternDoctypeMath, $xml)) {
            throw new SecurityException('Detected use of ENTITY in XML, loading aborted to prevent XXE/XEE attacks');
        }

        return $xml;
    }

    /**
     * @param string $string
     * @param integer $split_length
     * @param string|null $encoding
     * @return array|bool
     */
    public static function mb_str_split(string $string, $split_length = 1, ?string $encoding = null)
    {
        if (extension_loaded('mbstring')) {
            if (function_exists('mb_str_split')) {
                return mb_str_split($string, $split_length, $encoding);
            }
        }
        if (null !== $string && !\is_scalar($string) && !(\is_object($string) && method_exists($string, '__toString'))) {
            trigger_error('mb_str_split() expects parameter 1 to be string, '.\gettype($string).' given', \E_USER_WARNING);

            return null;
        }

        if (1 > $split_length = (int) $split_length) {
            trigger_error('The length of each segment must be greater than zero', \E_USER_WARNING);

            return false;
        }

        if (null === $encoding) {
            $encoding = mb_internal_encoding();
        }

        if ('UTF-8' === $encoding || \in_array(strtoupper($encoding), ['UTF-8', 'UTF8'], true)) {
            return preg_split("/(.{{$split_length}})/u", $string, -1, \PREG_SPLIT_DELIM_CAPTURE | \PREG_SPLIT_NO_EMPTY);
        }

        $result = [];
        $length = mb_strlen($string, $encoding);

        for ($i = 0; $i < $length; $i += $split_length) {
            $result[] = mb_substr($string, $i, $split_length, $encoding);
        }

        return $result;
    }
}

1	<?php
2
3	namespace PhpOffice\Math\Reader\Security;
4
5	use PhpOffice\Math\Exception\SecurityException;
6
7	class XmlScanner
8	{
9	public static function getInstance(): self
10	{
11	return new self();	8✔
12	}
13
14	/**
15	* Scan the XML for use of <!ENTITY to prevent XXE/XEE attacks.
16	*/
17	public function scan(string $xml): string
18	{
19	// Don't rely purely on libxml_disable_entity_loader()
20	$patternDoctype = '/\0' . implode('\0', static::mb_str_split('<!DOCTYPE', 1, 'UTF-8')) . '\0*/';	8✔
21	$patternDoctypeMath = '/\0' . implode('\0', static::mb_str_split('<!DOCTYPE math', 1, 'UTF-8')) . '\0*/';	8✔
22
23	if (preg_match($patternDoctype, $xml) && !preg_match($patternDoctypeMath, $xml)) {	8✔
24	throw new SecurityException('Detected use of ENTITY in XML, loading aborted to prevent XXE/XEE attacks');	1✔
25	}
26
27	return $xml;	7✔
28	}
29
30	/**
31	* @param string $string
32	* @param integer $split_length
33	* @param string\|null $encoding
34	* @return array\|bool
35	*/
36	public static function mb_str_split(string $string, $split_length = 1, ?string $encoding = null)
37	{
38	if (extension_loaded('mbstring')) {	8✔
39	if (function_exists('mb_str_split')) {	8✔
40	return mb_str_split($string, $split_length, $encoding);	8✔
41	}
42	}
NEW 43	if (null !== $string && !\is_scalar($string) && !(\is_object($string) && method_exists($string, '__toString'))) {	×
NEW 44	trigger_error('mb_str_split() expects parameter 1 to be string, '.\gettype($string).' given', \E_USER_WARNING);	×
45
NEW 46	return null;	×
47	}
48
NEW 49	if (1 > $split_length = (int) $split_length) {	×
NEW 50	trigger_error('The length of each segment must be greater than zero', \E_USER_WARNING);	×
51
NEW 52	return false;	×
53	}
54
NEW 55	if (null === $encoding) {	×
NEW 56	$encoding = mb_internal_encoding();	×
57	}
58
NEW 59	if ('UTF-8' === $encoding \|\| \in_array(strtoupper($encoding), ['UTF-8', 'UTF8'], true)) {	×
NEW 60	return preg_split("/(.{{$split_length}})/u", $string, -1, \PREG_SPLIT_DELIM_CAPTURE \| \PREG_SPLIT_NO_EMPTY);	×
61	}
62
NEW 63	$result = [];	×
NEW 64	$length = mb_strlen($string, $encoding);	×
65
NEW 66	for ($i = 0; $i < $length; $i += $split_length) {	×
NEW 67	$result[] = mb_substr($string, $i, $split_length, $encoding);	×
68	}
69
NEW 70	return $result;	×
71	}
72	}

PHPOffice / Math / 15319564493

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous