scanFile($filename); self::assertEquals($expectedResult, $result); libxml_disable_entity_loader($oldDisableEntityLoaderState); } public function providerValidXML() { $tests = []; foreach (glob('tests/data/Reader/Xml/XEETestValid*.xml') as $file) { $filename = realpath($file); $expectedResult = file_get_contents($file); $tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, $expectedResult, true]; $tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, $expectedResult, false]; } return $tests; } /** * @dataProvider providerInvalidXML * * @param mixed $filename * @param $libxmlDisableEntityLoader */ public function testInvalidXML($filename, $libxmlDisableEntityLoader) { $this->expectException(\PhpOffice\PhpSpreadsheet\Reader\Exception::class); libxml_disable_entity_loader($libxmlDisableEntityLoader); $reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml()); $expectedResult = 'FAILURE: Should throw an Exception rather than return a value'; $result = $reader->scanFile($filename); self::assertEquals($expectedResult, $result); self::assertEquals($libxmlDisableEntityLoader, libxml_disable_entity_loader()); } public function providerInvalidXML() { $tests = []; foreach (glob('tests/data/Reader/Xml/XEETestInvalidUTF*.xml') as $file) { $filename = realpath($file); $tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, true]; $tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, false]; } return $tests; } public function testGetSecurityScannerForXmlBasedReader() { $fileReader = new Xlsx(); $scanner = $fileReader->getSecurityScanner(); // Must return an object... self::assertIsObject($scanner); // ... of the correct type $this->assertInstanceOf(XmlScanner::class, $scanner); } public function testGetSecurityScannerForNonXmlBasedReader() { $fileReader = new Xls(); $scanner = $fileReader->getSecurityScanner(); // Must return a null... $this->assertNull($scanner); } /** * @dataProvider providerValidXMLForCallback * * @param mixed $filename * @param mixed $expectedResult */ public function testSecurityScanWithCallback($filename, $expectedResult) { $fileReader = new Xlsx(); $scanner = $fileReader->getSecurityScanner(); $scanner->setAdditionalCallback('strrev'); $xml = $scanner->scanFile($filename); $this->assertEquals(strrev($expectedResult), $xml); } public function providerValidXMLForCallback() { $tests = []; foreach (glob('tests/data/Reader/Xml/SecurityScannerWithCallback*.xml') as $file) { $tests[basename($file)] = [realpath($file), file_get_contents($file)]; } return $tests; } public function testLibxmlDisableEntityLoaderIsRestoredWithoutShutdown() { $reader = new Xlsx(); unset($reader); $reader = new \XMLReader(); $opened = $reader->open('tests/data/Reader/Xml/SecurityScannerWithCallbackExample.xml'); $this->assertTrue($opened); } public function testEncodingAllowsMixedCase() { $scanner = new XmlScanner(); $output = $scanner->scan($input = 'bar'); $this->assertSame($input, $output); } }