Update security section in Reader documentation
parent 1abf061df3
commit 16c1a19d34

Binary file not shown.
							| @ -10,15 +10,4 @@ XML-based formats such as OfficeOpen XML, Excel2003 XML, OASIS and Gnumeric are | ||||
|  - Command Execution (depending on the installed PHP wrappers) | ||||
|   | ||||
| 
 | ||||
| To prevent this, PHPExcel sets the LIBXML_DTDLOAD and LIBXML_DTDATTR settings for the XML Readers by default.  | ||||
| 
 | ||||
| 
 | ||||
| Should you ever need to change these settings, the following method is available through the PHPExcel_Settings: | ||||
| 
 | ||||
| ``` | ||||
| PHPExcel_Settings::setLibXmlLoaderOptions(); | ||||
| ``` | ||||
| 
 | ||||
| Allowing you to specify the XML loader settings that those that you want to use instead. | ||||
| 
 | ||||
|  > While PHPExcel protects you with its default settings, if you do change these settings yourself, then you're responsible for ensuring that your XML-based formats aren't open to XXE injection. | ||||
| To prevent this, PHPExcel sets `libxml_disable_entity_loader` to `true` for the XML-based Readers by default.  | ||||
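Review bot: The replacement sentence at the end of this hunk (the header shows 15 lines shrinking to 4) drops the documentation for `PHPExcel_Settings::setLibXmlLoaderOptions()` and the warning that changing the defaults makes the caller responsible for XXE exposure, without saying whether that setter still exists. If it is still callable, keep a sentence documenting it together with the warning; if it was removed, say so here so that readers of the earlier documentation know the override is gone. It would also help to state whether the Readers restore the previous `libxml_disable_entity_loader` value after loading, since the new text only says it is set to `true` by default.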
	 Mark Baker