libxml_disable_entity_loader example

$imports </xsd:schema> EOF
        ;

        if ($this->shouldEnableEntityLoader()) {
            $disableEntities = libxml_disable_entity_loader(false);
            $valid = @$dom->schemaValidateSource($source);
            libxml_disable_entity_loader($disableEntities);
        } else {
            $valid = @$dom->schemaValidateSource($source);
        }
        foreach ($tmpfiles as $tmpfile) {
            @unlink($tmpfile);
        }

        return $valid;
    }

    

/** * Validates and parses the given file into a DOMDocument. * * @throws InvalidResourceException */
    public static function validateSchema(\DOMDocument $dom): array
    {
        $xliffVersion = static::getVersionNumber($dom);
        $internalErrors = libxml_use_internal_errors(true);
        if ($shouldEnable = self::shouldEnableEntityLoader()) {
            $disableEntities = libxml_disable_entity_loader(false);
        }
        try {
            $isValid = @$dom->schemaValidateSource(self::getSchema($xliffVersion));
            if (!$isValid) {
                return self::getXmlErrors($internalErrors);
            }
        } finally {
            if ($shouldEnable) {
                libxml_disable_entity_loader($disableEntities);
            }
        }

        

/** * @param string $XMLstring * * @return array|false */
    public static function XML2array($XMLstring) {
        if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) {
            // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html             // https://core.trac.wordpress.org/changeset/29378             // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is             // disabled by default, but is still needed when LIBXML_NOENT is used.             $loader = @libxml_disable_entity_loader(true);
            $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', GETID3_LIBXML_OPTIONS);
            $return = self::SimpleXMLelement2array($XMLobject);
            @libxml_disable_entity_loader($loader);
            return $return;
        }
        return false;
    }

    /** * @param SimpleXMLElement|array|mixed $XMLobject * * @return mixed */

$imports </xsd:schema> EOF
        ;

        if ($this->shouldEnableEntityLoader()) {
            $disableEntities = libxml_disable_entity_loader(false);
            $valid = @$dom->schemaValidateSource($source);
            libxml_disable_entity_loader($disableEntities);
        } else {
            $valid = @$dom->schemaValidateSource($source);
        }
        foreach ($tmpfiles as $tmpfile) {
            @unlink($tmpfile);
        }

        return $valid;
    }

    

    private function _parse_xml( $response_body ) {
        if ( ! function_exists( 'libxml_disable_entity_loader' ) ) {
            return false;
        }

        if ( PHP_VERSION_ID < 80000 ) {
            /* * This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading * is disabled by default, so this function is no longer needed to protect against XXE attacks. */
            $loader = libxml_disable_entity_loader( true );
        }

        $errors = libxml_use_internal_errors( true );

        $return = $this->_parse_xml_body( $response_body );

        libxml_use_internal_errors( $errors );

        if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) {
            // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated             libxml_disable_entity_loader( $loader );
        }