loveJesus
/
PHPExcel-1.8-aleluya
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
For God so loved the world, that He gave His only begotten Son, that all who believe in Him should not perish but have everlasting life
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
3.5 MiB
Branch: aleluya
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'aleluya'
${ noResults }
PHPExcel-1.8-aleluya/Documentation/markdown/ReadingSpreadsheetFiles/02-Security.md

12 lines
621 B
Raw Permalink Normal View History

For God so loved the world, that He gave His only begotten Son, that all who believe in Him should not perish but have everlasting life
3 years ago
 
  1. # PHPExcel User Documentation – Reading Spreadsheet Files

  2. 

  3. 

  4. ## Security

  5. 

  6. XML-based formats such as OfficeOpen XML, Excel2003 XML, OASIS and Gnumeric are susceptible to XML External Entity Processing (XXE) injection attacks (for an explanation of XXE injection see http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html) when reading spreadsheet files. This can lead to:
  7. 

  8.  - Disclosure whether a file is existent
  9.  - Server Side Request Forgery
  10.  - Command Execution (depending on the installed PHP wrappers)
  11.  
  12. 

  13. To prevent this, PHPExcel sets `libxml_disable_entity_loader` to `true` for the XML-based Readers by default.