# PHPExcel User Documentation – Reading Spreadsheet Files

## Security

XML-based formats such as OfficeOpen XML, Excel2003 XML, OASIS and Gnumeric are susceptible to XML External Entity Processing (XXE) injection attacks (for an explanation of XXE injection see https://websec.io/2012/08/27/Preventing-XEE-in-PHP.html) when reading spreadsheet files. This can lead to:

- Disclosure of whether a file exists
- Server Side Request Forgery
- Command Execution (depending on the installed PHP wrappers)

To prevent this, PHPExcel sets `libxml_disable_entity_loader` to `true` for the XML-based Readers by default.
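A defence-in-depth check an application can run on an uploaded `.xlsx` before handing it to a PHPExcel reader, given here as an added example that is not part of PHPExcel or its documentation: it rejects packages whose XML parts declare a DTD or entity. `assertNoDoctype()` is a hypothetical helper and the sample workbook is constructed; the code assumes the `zip` extension and covers only the ZIP-based OfficeOpen XML format.

```php
<?php
// Added example; assertNoDoctype() is a hypothetical helper, not a PHPExcel API.
function assertNoDoctype(string $xlsxPath): void
{
    $zip = new ZipArchive();
    if ($zip->open($xlsxPath) !== true) {
        throw new RuntimeException('Not a readable OOXML (ZIP) package');
    }
    try {
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            if (!preg_match('/\.(xml|rels|vml)$/i', $name)) {
                continue; // skip binary parts such as images
            }
            $xml = $zip->getFromIndex($i);
            if ($xml === false) {
                throw new RuntimeException("Unreadable part: $name");
            }
            // A byte-level scan only sees ASCII-compatible text, so refuse parts
            // that contain NUL bytes (UTF-16/32) or declare a non-UTF-8 encoding.
            if (strpos($xml, "\0") !== false
                || preg_match('/<\?xml[^>]*encoding\s*=\s*["\'](?!utf-8["\'])/i', $xml)) {
                throw new RuntimeException("Unexpected encoding in $name");
            }
            // A legitimate workbook part has no reason to declare a DTD.
            if (preg_match('/<!(DOCTYPE|ENTITY)/i', $xml)) {
                throw new RuntimeException("DTD or entity declaration in $name");
            }
        }
    } finally {
        $zip->close();
    }
}

// Constructed sample: a one-part package carrying a harmless internal entity.
$path = tempnam(sys_get_temp_dir(), 'xlsx');
$zip = new ZipArchive();
$zip->open($path, ZipArchive::OVERWRITE);
$zip->addFromString('xl/workbook.xml',
    '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE w [<!ENTITY e "constructed">]><w>&e;</w>');
$zip->close();
try {
    assertNoDoctype($path);
    echo "accepted\n";
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
} finally {
    unlink($path);
}
```

The check does not depend on `libxml_disable_entity_loader`, which is a global libxml setting and is deprecated as of PHP 8.0.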