XML External Entity Example

    This example highlights XML code. It illustrates how to use an external entity reference handler to include and parse other documents, as well as how PIs can be processed, and a way of determining "trust" for PIs containing code.

    XML documents that can be used for this example are found below the example (xmltest.xml and xmltest2.xml.)

    Example #1 External Entity Example

    <?php
    $file     = "xmltest.xml";

    function     trustedFile($file)
    {
    // only trust local files owned by ourselves
    if (!preg_match("@^([a-z][a-z0-9+.-]*)\:\/\/@i", $file)
    &&     fileowner($file) == getmyuid()) {
    return     true;
    }
    return     false;
    }

    function     startElement($parser, $name, $attribs)
    {
    echo     "&lt;<font color=\"#0000cc\">$name</font>";
    if (    count($attribs)) {
    foreach (    $attribs as $k => $v) {
    echo     " <font color=\"#009900\">$k</font>=\"<font
    color=\"#990000\">    $v</font>\"";
    }
    }
    echo     "&gt;";
    }

    function     endElement($parser, $name)
    {
    echo     "&lt;/<font color=\"#0000cc\">$name</font>&gt;";
    }

    function     characterData($parser, $data)
    {
    echo     "<b>$data</b>";
    }

    function     PIHandler($parser, $target, $data)
    {
    switch (    strtolower($target)) {
    case     "php":
    global     $parser_file;
    // If the parsed document is "trusted", we say it is safe

    Example #2 xmltest.xml

    <?xml version='1.0'?> <!DOCTYPE chapter SYSTEM "/just/a/test.dtd" [ <!ENTITY plainEntity "FOO entity"> <!ENTITY systemEntity SYSTEM "xmltest2.xml"> ]> <chapter> <TITLE>Title &plainEntity;</TITLE> <para> <informaltable> <tgroup cols="3"> <tbody> <row><entry>a1</entry><entry morerows="1">b1</entry><entry>c1</entry></row> <row><entry>a2</entry><entry>c2</entry></row> <row><entry>a3</entry><entry>b3</entry><entry>c3</entry></row> </tbody> </tgroup> </informaltable> </para> &systemEntity; <section id="about"> <title>About this Document</title> <para> <!-- this is a comment --> <?php echo 'Hi! This is PHP version ' . phpversion(); ?> </para> </section> </chapter>

    This file is included from xmltest.xml:

    Example #3 xmltest2.xml

    <?xml version="1.0"?> <!DOCTYPE foo [ <!ENTITY testEnt "test entity"> ]> <foo> <element attrib="value"/> &testEnt; <?php echo "This is some more PHP code being executed."; ?> </foo>
    To Top