libxml_set_external_entity_loader

libxml_set_external_entity_loader

Changes the default external entity loader

true **libxml_set_external_entity_loader**  $resolver_function

Changes the default external entity loader. This can be used to suppress the expansion of arbitrary external entities to avoid XXE attacks, even when has been set for the respective operation, and is usually preferable over calling . LIBXML_NOENT``libxml_disable_entity_loader

resolver_function A with the following signature:

  This callable should return a resource, a string from which a resource can be
  opened. If null is returned, the entity reference resolution will fail.
 `callable````php

**** $public_id string $system_id array $context

`public_id`The public ID.

`system_id`The system ID.

`context`
          An array with the four elements , ,
           and .
         `"directory"``"intSubName"``"extSubURI"``"extSubSystem"`



return.true.always


   
  **Voorbeeld:  example**

```php
<?php
$xml = <<<XML
<!DOCTYPE foo PUBLIC "-//FOO/BAR" "http://example.com/foobar">
<foo>bar</foo>
XML;

$dtd = <<<DTD
<!ELEMENT foo (#PCDATA)>
DTD;

libxml_set_external_entity_loader(
    function ($public, $system, $context) use($dtd) {
        var_dump($public);
        var_dump($system);
        var_dump($context);
        $f = fopen("php://temp", "r+");
        fwrite($f, $dtd);
        rewind($f);
        return $f;
    }
);

$dd = new DOMDocument;
$r  = $dd->loadXML($xml);

var_dump($dd->validate());
?>

string(10) "-//FOO/BAR"
string(25) "http://example.com/foobar"
array(4) {
    ["directory"]    => NULL
    ["intSubName"]   => NULL
    ["extSubURI"]    => NULL
    ["extSubSystem"] => NULL
}
bool(true)

libxml_disable_entity_loader``libxml_get_external_entity_loader