From 7d922e6776565b929dd3e257870d6b2ceedb96c3 Mon Sep 17 00:00:00 2001
From: Adrien Loison <aloison@box.com>
Date: Wed, 1 Jul 2015 14:04:34 -0700
Subject: [PATCH] Prevent entity loading when reading XML

Added LIBXML_NOENT option when reading a XML file
libxml_disable_entity_loader(true) cannot be used because it disables
the use of XMLReader::open()... see https://bugs.php.net/bug.php?id=62577
---
 src/Spout/Reader/Helper/XLSX/SharedStringsHelper.php | 2 +-
 src/Spout/Reader/XLSX.php                            | 2 +-
 tests/Spout/Reader/XLSXTest.php                      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Spout/Reader/Helper/XLSX/SharedStringsHelper.php b/src/Spout/Reader/Helper/XLSX/SharedStringsHelper.php
index ab33725..103f337 100644
--- a/src/Spout/Reader/Helper/XLSX/SharedStringsHelper.php
+++ b/src/Spout/Reader/Helper/XLSX/SharedStringsHelper.php
@@ -112,7 +112,7 @@ class SharedStringsHelper
         $escaper = new \Box\Spout\Common\Escaper\XLSX();
 
         $sharedStringsFilePath = $this->getSharedStringsFilePath();
-        if ($xmlReader->open($sharedStringsFilePath, null, LIBXML_NONET) === false) {
+        if ($xmlReader->open($sharedStringsFilePath, null, LIBXML_NOENT|LIBXML_NONET) === false) {
             throw new IOException('Could not open "' . self::SHARED_STRINGS_XML_FILE_PATH . '".');
         }
 
diff --git a/src/Spout/Reader/XLSX.php b/src/Spout/Reader/XLSX.php
index 83bee9d..5471f85 100644
--- a/src/Spout/Reader/XLSX.php
+++ b/src/Spout/Reader/XLSX.php
@@ -158,7 +158,7 @@ class XLSX extends AbstractReader
         $worksheetDataXMLFilePath = $worksheet->getDataXmlFilePath();
 
         $worksheetDataFilePath = 'zip://' . $this->filePath . '#' . $worksheetDataXMLFilePath;
-        if ($this->xmlReader->open($worksheetDataFilePath, null, LIBXML_NONET) === false) {
+        if ($this->xmlReader->open($worksheetDataFilePath, null, LIBXML_NOENT|LIBXML_NONET) === false) {
             throw new IOException('Could not open "' . $worksheetDataXMLFilePath . '".');
         }
     }
diff --git a/tests/Spout/Reader/XLSXTest.php b/tests/Spout/Reader/XLSXTest.php
index f611db4..5856887 100644
--- a/tests/Spout/Reader/XLSXTest.php
+++ b/tests/Spout/Reader/XLSXTest.php
@@ -250,7 +250,7 @@ class XLSXTest extends \PHPUnit_Framework_TestCase
     {
         $allRows = $this->getAllRowsForFile('billion_laughs_test_file.xlsx');
 
-        $expectedMaxMemoryUsage = 20 * 1024 * 1024; // 20MB
+        $expectedMaxMemoryUsage = 30 * 1024 * 1024; // 30MB
         $this->assertLessThan($expectedMaxMemoryUsage, memory_get_peak_usage(true), 'Entities should not be expanded and therefore consume all the memory.');
 
         $expectedFirstRow = ['s1--A1', 's1--B1', 's1--C1', 's1--D1', 's1--E1'];