charles
/
wkcrm
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '27b720957c'
${ noResults }
wkcrm/vendor/phpoffice/phpexcel/Documentation/markdown/ReadingSpreadsheetFiles/02-Security.md

621 B
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

PHPExcel User Documentation Reading Spreadsheet Files

Security

XML-based formats such as OfficeOpen XML, Excel2003 XML, OASIS and Gnumeric are susceptible to XML External Entity Processing (XXE) injection attacks (for an explanation of XXE injection see http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html) when reading spreadsheet files. This can lead to:

  • Disclosure whether a file is existent
  • Server Side Request Forgery
  • Command Execution (depending on the installed PHP wrappers)

To prevent this, PHPExcel sets libxml_disable_entity_loader to true for the XML-based Readers by default.