Update security section in Reader documentation
This commit is contained in:
parent
1abf061df3
commit
16c1a19d34
Binary file not shown.
|
@ -10,15 +10,4 @@ XML-based formats such as OfficeOpen XML, Excel2003 XML, OASIS and Gnumeric are
|
|||
- Command Execution (depending on the installed PHP wrappers)
|
||||
|
||||
|
||||
To prevent this, PHPExcel sets the LIBXML_DTDLOAD and LIBXML_DTDATTR settings for the XML Readers by default.
|
||||
|
||||
|
||||
Should you ever need to change these settings, the following method is available through the PHPExcel_Settings:
|
||||
|
||||
```
|
||||
PHPExcel_Settings::setLibXmlLoaderOptions();
|
||||
```
|
||||
|
||||
Allowing you to specify the XML loader settings that those that you want to use instead.
|
||||
|
||||
> While PHPExcel protects you with its default settings, if you do change these settings yourself, then you're responsible for ensuring that your XML-based formats aren't open to XXE injection.
|
||||
To prevent this, PHPExcel sets `libxml_disable_entity_loader` to `true` for the XML-based Readers by default.
|
Loading…
Reference in New Issue