| Server IP : 199.250.214.225 / Your IP : 18.188.227.51 Web Server : Apache System : Linux vps64074.inmotionhosting.com 3.10.0-1160.105.1.vz7.214.3 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : nicngo5 ( 1001) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /home/nicngo5/funds/vendor/phpoffice/phpexcel/Documentation/markdown/ReadingSpreadsheetFiles/ |
Upload File : |
# PHPExcel User Documentation – Reading Spreadsheet Files ## Security XML-based formats such as OfficeOpen XML, Excel2003 XML, OASIS and Gnumeric are susceptible to XML External Entity Processing (XXE) injection attacks (for an explanation of XXE injection see http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html) when reading spreadsheet files. This can lead to: - Disclosure whether a file is existent - Server Side Request Forgery - Command Execution (depending on the installed PHP wrappers) To prevent this, PHPExcel sets `libxml_disable_entity_loader` to `true` for the XML-based Readers by default.