pattern = $pattern; } public static function getInstance(Reader\IReader $reader): self { $pattern = ($reader instanceof Reader\Html) ? 'callback = $callback; } private static function forceString(mixed $arg): string { return is_string($arg) ? $arg : ''; } private function toUtf8(string $xml): string { $charset = $this->findCharSet($xml); $foundUtf7 = $charset === 'UTF-7'; if ($charset !== 'UTF-8') { $testStart = '/^.{0,4}\s*pattern, 1, 'UTF-8')) . '\0*/'; $xml = "$xml"; if (preg_match($pattern, $xml)) { throw new Reader\Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); } $xml = $this->toUtf8($xml); if (preg_match($pattern, $xml)) { throw new Reader\Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks'); } if ($this->callback !== null) { $xml = call_user_func($this->callback, $xml); } /** @var string $xml */ return $xml; } /** * Scan the XML for use of scan(file_get_contents($filestream)); } }