PHP XML_Security::disableExternalLoadOfEntities Examples

Example #1

File: Tracker_FormElement_Field_DateTest.php Project: pdaniel-frk/tuleap

 public function tearDown()
 {
     $this->xml_security->disableExternalLoadOfEntities();
     unset($GLOBALS['sys_incdir']);
     unset($GLOBALS['sys_custom_incdir']);
     unset($GLOBALS['Language']);
     parent::tearDown();
 }

Example #2

File: Tracker_ReportFactoryTest.php Project: pombredanne/tuleap

 public function tearDown()
 {
     $this->xml_security->disableExternalLoadOfEntities();
     foreach ($_SESSION as $key => $nop) {
         unset($_SESSION[$key]);
     }
     parent::tearDown();
 }

Example #3

File: TuleapSOAPServer.class.php Project: pombredanne/tuleap

 public function __construct($wsdl, array $options = null)
 {
     $xml_security = new XML_Security();
     $xml_security->enableExternalLoadOfEntities();
     parent::__construct($wsdl, $options);
     $xml_security->disableExternalLoadOfEntities();
 }

Example #4

File: SecurityTestPHP53.php Project: pombredanne/tuleap

 private function loadXML()
 {
     $xml_security = new XML_Security();
     $xml_security->disableExternalLoadOfEntities();
     $xml = simplexml_load_string($this->bad_xml);
     $xml_security->enableExternalLoadOfEntities();
     return $xml;
 }

Example #5

File: RNGValidator.class.php Project: pombredanne/tuleap

 public function validate(SimpleXMLElement $xml_element, $rng_path)
 {
     $dom = $this->simpleXmlElementToDomDocument($xml_element);
     $xml_security = new XML_Security();
     $xml_security->enableExternalLoadOfEntities();
     $is_valid = @$dom->relaxNGValidate($rng_path);
     $xml_security->disableExternalLoadOfEntities();
     if (!$is_valid) {
         $this->extractErrors($dom, $rng_path);
     }
 }

Example #6

File: SOAP_WSDLRenderer.class.php Project: pombredanne/tuleap

 /**
  * Output a html view of the given wsdl
  *
  * @param string $wsdl_uri https://example.com/plugins/statistics/soap/?wsdl
  */
 public function render($wsdl_uri)
 {
     $xml_security = new XML_Security();
     $xml_security->enableExternalLoadOfEntities();
     $proc = new XSLTProcessor();
     $xslDoc = new DOMDocument();
     $xslDoc->load(ForgeConfig::get('codendi_dir') . "/src/www/soap/wsdl-viewer.xsl");
     $proc->importStylesheet($xslDoc);
     $xmlDoc = new DOMDocument();
     $xmlDoc->loadXML(file_get_contents($wsdl_uri));
     echo $proc->transformToXML($xmlDoc);
     $xml_security->disableExternalLoadOfEntities();
 }

Example #7

File: pre.php Project: rinodung/tuleap

ForgeConfig::loadFromFile($GLOBALS['db_config_file']);
if (isset($GLOBALS['DEBUG_MODE'])) {
    ForgeConfig::loadFromFile($GLOBALS['codendi_dir'] . '/src/etc/development.inc.dist');
    ForgeConfig::loadFromFile(dirname($local_inc) . '/development.inc');
}
ForgeConfig::loadFromDatabase();
// Fix path if needed
if (isset($GLOBALS['htmlpurifier_dir'])) {
    ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . $GLOBALS['htmlpurifier_dir']);
}
if (isset($GLOBALS['jpgraph_dir'])) {
    ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . $GLOBALS['jpgraph_dir']);
}
define('TTF_DIR', isset($GLOBALS['ttf_font_dir']) ? $GLOBALS['ttf_font_dir'] : '/usr/share/fonts/');
$xml_security = new XML_Security();
$xml_security->disableExternalLoadOfEntities();
// Detect whether this file is called by a script running in cli mode, or in normal web mode
if (!defined('IS_SCRIPT')) {
    if (php_sapi_name() == "cli") {
        // Backend scripts should never ends because of lack of time or memory
        ini_set('max_execution_time', 0);
        ini_set('memory_limit', -1);
        define('IS_SCRIPT', true);
    } else {
        define('IS_SCRIPT', false);
    }
}
if (!IS_SCRIPT) {
    // Protection against clickjacking
    header('X-Frame-Options: SAMEORIGIN');
    $csp_rules = "frame-ancestors 'self'; ";

Example #8

File: MigrationManager.php Project: ndjido/tuleap

 private function exportTV3Data($tv3_id)
 {
     $this->logger->info('--> Export TV3 data ');
     $xml_path = $this->generateTemporaryPath();
     $indent_xsl_path = $this->getIndentXSLResourcePath();
     $xml = new DOMDocument("1.0", "UTF8");
     $dao = new ArtifactXMLExporterDao();
     $node_helper = new ArtifactXMLNodeHelper($xml);
     $attachment_exporter = new ArtifactAttachmentXMLLinker($node_helper, $dao);
     $exporter = new ArtifactXMLExporter($dao, $attachment_exporter, $node_helper, $this->logger);
     $exporter->exportTrackerData($tv3_id);
     $this->logger->info('<-- TV3 data exported ' . PHP_EOL);
     $xml_security = new XML_Security();
     $xml_security->enableExternalLoadOfEntities();
     $xsl = new DOMDocument();
     $xsl->load($indent_xsl_path);
     $proc = new XSLTProcessor();
     $proc->importStyleSheet($xsl);
     $xml_string = $proc->transformToXML($xml);
     $xml_security->disableExternalLoadOfEntities();
     if (file_put_contents($xml_path, $xml_string) !== strlen($xml_string)) {
         throw new Exception('Something went wrong when writing tv3 xml in ' . $xml_path);
     }
     return $xml_path;
 }

Example #9

File: Tracker_Semantic_TitleFactoryTest.php Project: pombredanne/tuleap

 public function tearDown()
 {
     $this->xml_security->disableExternalLoadOfEntities();
     parent::tearDown();
 }

Example #10

File: WorkflowFactoryTest.php Project: pombredanne/tuleap

 public function tearDown()
 {
     PermissionsManager::clearInstance();
     $this->xml_security->disableExternalLoadOfEntities();
     parent::tearDown();
 }

Example #11

File: HudsonBuildTest.php Project: pombredanne/tuleap

 public function tearDown()
 {
     unset($GLOBALS['Language']);
     $this->xml_security->disableExternalLoadOfEntities();
     parent::tearDown();
 }