RetailCRM-Mirror/PHPExcel
1
0
Fork 0
mirror of https://github.com/retailcrm/PHPExcel.git synced 2025-04-03 21:33:36 +03:00
Code Issues Projects Releases Wiki Activity

Update security section in Reader documentation

Browse source
This commit is contained in:
Mark Baker 2014-02-21 10:21:04 +00:00
parent 1abf061df3
commit 16c1a19d34
2 changed files with 1 additions and 12 deletions

BIN
Documentation/PHPExcel User Documentation - Reading Spreadsheet Files.doc
View file

Binary file not shown.

13
Documentation/markdown/ReadingSpreadsheetFiles/02-Security.md
View file

@ -10,15 +10,4 @@ XML-based formats such as OfficeOpen XML, Excel2003 XML, OASIS and Gnumeric are
- Command Execution (depending on the installed PHP wrappers)
To prevent this, PHPExcel sets the LIBXML_DTDLOAD and LIBXML_DTDATTR settings for the XML Readers by default.
Should you ever need to change these settings, the following method is available through the PHPExcel_Settings:
```
PHPExcel_Settings::setLibXmlLoaderOptions();
```
Allowing you to specify the XML loader settings that those that you want to use instead.
> While PHPExcel protects you with its default settings, if you do change these settings yourself, then you're responsible for ensuring that your XML-based formats aren't open to XXE injection.
To prevent this, PHPExcel sets `libxml_disable_entity_loader` to `true` for the XML-based Readers by default.