From d4eab49815017e2dfbfb835ad77bb20989b4afca Mon Sep 17 00:00:00 2001
From: MarkBaker <mark@lange.demon.co.uk>
Date: Wed, 3 Jul 2019 18:34:11 +0200
Subject: [PATCH] case-insensitive charset name in xml scanner

---
 src/PhpSpreadsheet/Reader/Security/XmlScanner.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PhpSpreadsheet/Reader/Security/XmlScanner.php b/src/PhpSpreadsheet/Reader/Security/XmlScanner.php
index 62247618..732f0bf6 100644
--- a/src/PhpSpreadsheet/Reader/Security/XmlScanner.php
+++ b/src/PhpSpreadsheet/Reader/Security/XmlScanner.php
@@ -100,7 +100,7 @@ class XmlScanner
             $xml = mb_convert_encoding($xml, 'UTF-8', $charset);
 
             $result = preg_match($pattern, $xml, $matches);
-            $charset = $result ? $matches[1] : 'UTF-8';
+            $charset = strtoupper($result ? $matches[1] : 'UTF-8');
             if ($charset !== 'UTF-8') {
                 throw new Reader\Exception('Suspicious Double-encoded XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
             }