Merge remote-tracking branch 'origin/master'

# Conflicts:
#	Classes/PHPExcel/Calculation/Functions.php
#	Classes/PHPExcel/Worksheet.php
#	Classes/PHPExcel/Worksheet/CellIterator.php

Classes/PHPExcel/Calculation/Functions.php

@@ -523,10 +523,9 @@ class PHPExcel_Calculation_Functions
 	 *
 	 * @return	string	Version information
 	 */
-    public static function VERSION()
+	public static function VERSION() {
-    {
+		return 'PHPExcel 1.8.2, 2018-11-22';
-        return 'PHPExcel ##VERSION##, ##DATE##';
+	}	//	function VERSION()
-    }
 
 
     /**

Classes/PHPExcel/Reader/Abstract.php

@@ -269,6 +269,18 @@ abstract class PHPExcel_Reader_Abstract implements PHPExcel_Reader_IReader
      */
     public function securityScan($xml)
     {
+        $pattern = '/encoding="(.*?)"/';
+        $result = preg_match($pattern, $xml, $matches);
+        if ($result) {
+            $charset = $matches[1];
+        } else {
+            $charset = 'UTF-8';
+        }
+
+        if ($charset !== 'UTF-8') {
+            $xml = mb_convert_encoding($xml, 'UTF-8', $charset);
+        }
+
         $pattern = '/\\0?' . implode('\\0?', str_split('<!DOCTYPE')) . '\\0?/';
         if (preg_match($pattern, $xml)) {
             throw new PHPExcel_Reader_Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');

changelog.txt

@@ -23,7 +23,8 @@
 **************************************************************************************
 
 
-Planned for 1.8.2
+2018-11-22 (v1.8.2):
+- Security  (MBaker)                            - Fix and improve XXE security scanning for XML-based Readers
 - Bugfix:   (MBaker)                            - Fix to getCell() method when cell reference includes a worksheet reference
 - Bugfix:   (ncrypthic)       Work Item GH-570  - Ignore inlineStr type if formula element exists
 - Bugfix:   (hernst42)        Work Item GH-709  - Fixed missing renames of writeRelationShip (from _writeRelationShip)