"Fossies" - the Fresh Open Source Software Archive

Member "groupoffice-6.4.210-php-71/vendor/phpoffice/phpexcel/Documentation/markdown/ReadingSpreadsheetFiles/02-Security.md" (22 Nov 2018, 621 Bytes) of package /linux/www/groupoffice-6.4.210-php-71.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

PHPExcel User Documentation – Reading Spreadsheet Files


XML-based formats such as OfficeOpen XML, Excel2003 XML, OASIS and Gnumeric are susceptible to XML External Entity Processing (XXE) injection attacks (for an explanation of XXE injection see http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html) when reading spreadsheet files. This can lead to:

To prevent this, PHPExcel sets libxml_disable_entity_loader to true for the XML-based Readers by default.