XmlParserService
in package
XML Parser Service — safe XML parsing with XXE protection.
All XML parsing in the framework SHOULD use this service to prevent XML External Entity (XXE) injection attacks. The service disables external entity loading and network access in the XML parser.
Table of Contents
Methods
- loadDom() : DOMDocument|null
- Load an XML string into a DOMDocument with XXE protection.
- loadDomFile() : DOMDocument|null
- Load an XML file into a DOMDocument with XXE protection.
- parseFile() : SimpleXMLElement|false
- Parse an XML file using SimpleXML with XXE protection.
- parseString() : SimpleXMLElement|false
- Parse an XML string using SimpleXML with XXE protection.
Methods
loadDom()
Load an XML string into a DOMDocument with XXE protection.
public
static loadDom(string $xml[, int $extraFlags = 0 ]) : DOMDocument|null
Parameters
- $xml : string
-
The XML string
- $extraFlags : int = 0
-
Additional libxml flags
Return values
DOMDocument|null —The parsed document, or null on failure
loadDomFile()
Load an XML file into a DOMDocument with XXE protection.
public
static loadDomFile(string $filepath[, int $extraFlags = 0 ]) : DOMDocument|null
Parameters
- $filepath : string
- $extraFlags : int = 0
Return values
DOMDocument|nullparseFile()
Parse an XML file using SimpleXML with XXE protection.
public
static parseFile(string $filepath[, string|null $className = null ][, int $extraFlags = 0 ]) : SimpleXMLElement|false
Parameters
- $filepath : string
-
Path to the XML file
- $className : string|null = null
-
Optional SimpleXMLElement subclass
- $extraFlags : int = 0
-
Additional libxml flags
Return values
SimpleXMLElement|falseparseString()
Parse an XML string using SimpleXML with XXE protection.
public
static parseString(string $xml[, string|null $className = null ][, int $extraFlags = 0 ]) : SimpleXMLElement|false
Parameters
- $xml : string
-
The XML string to parse
- $className : string|null = null
-
Optional SimpleXMLElement subclass
- $extraFlags : int = 0
-
Additional libxml flags to OR with safe defaults
Return values
SimpleXMLElement|false —The parsed document, or false on failure