...

...

@@ -1,6 +1,5 @@

1

1

<?xml version="1.0" encoding="utf-8"?>

2

2

<!-- $Revision$ -->

3

-

4

3

<refentry xml:id="function.libxml-set-external-entity-loader" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">

5

4

<refnamediv>

6

5

<refname>libxml_set_external_entity_loader</refname>

...

...

@@ -11,10 +10,13 @@

11

10

&reftitle.description;

12

11

<methodsynopsis>

13

12

<type>bool</type><methodname>libxml_set_external_entity_loader</methodname>

14

-

<methodparam><type>callable</type><parameter>resolver_function</parameter></methodparam>

13

+

<methodparam><type class="union"><type>callable</type><type>null</type></type><parameter>resolver_function</parameter></methodparam>

15

14

</methodsynopsis>

16

15

<para>

17

16

Changes the default external entity loader.

17

+

This can be used to suppress the expansion of arbitrary external entities to avoid XXE attacks,

18

+

even when <constant>LIBXML_NOENT</constant> has been set for the respective operation,

19

+

and is usually preferable over calling <function>libxml_disable_entity_loader</function>.

18

20

</para>

19

21

</refsect1>

20

22

...

...

@@ -25,10 +27,42 @@

25

27

<term><parameter>resolver_function</parameter></term>

26

28

<listitem>

27

29

<para>

28

-

A <type>callable</type> that takes three arguments. Two strings, a public id

29

-

and system id, and a context (an array with four keys) as the third argument.

30

-

This callback should return a resource, a string from which a resource can be

31

-

opened, or &null;.

30

+

A <type>callable</type> with the following signature:

31

+

<methodsynopsis>

32

+

<type class="union"><type>resource</type><type>string</type><type>null</type></type><methodname><replaceable>resolver</replaceable></methodname>

33

+

<methodparam><type class="union"><type>string</type><type>null</type></type><parameter>public_id</parameter></methodparam>

34

+

<methodparam><type>string</type><parameter>system_id</parameter></methodparam>

35

+

<methodparam><type>array</type><parameter>context</parameter></methodparam>

36

+

</methodsynopsis>

37

+

<variablelist>

38

+

<varlistentry>

39

+

<term><parameter>public_id</parameter></term>

40

+

<listitem>

41

+

<simpara>

42

+

The public ID.

43

+

</simpara>

44

+

</listitem>

45

+

</varlistentry>

46

+

<varlistentry>

47

+

<term><parameter>system_id</parameter></term>

48

+

<listitem>

49

+

<simpara>

50

+

The system ID.

51

+

</simpara>

52

+

</listitem>

53

+

</varlistentry>

54

+

<varlistentry>

55

+

<term><parameter>context</parameter></term>

56

+

<listitem>

57

+

<simpara>

58

+

An array with the four elements <literal>"directory"</literal>, <literal>"intSubName"</literal>,

59

+

<literal>"extSubURI"</literal> and <literal>"extSubSystem"</literal>.

60

+

</simpara>

61

+

</listitem>

62

+

</varlistentry>

63

+

</variablelist>

64

+

This callable should return a &resource;, a &string; from which a resource can be

65

+

opened. If &null; is returned, the entity reference resolution will fail.

32

66

</para>

33

67

</listitem>

34

68

</varlistentry>

...

...

@@ -101,12 +135,12 @@ bool(true)

101

135

<para>

102

136

<simplelist>

103

137

<member><function>libxml_disable_entity_loader</function></member>

138

+

<member><function>libxml_get_external_entity_loader</function></member>

104

139

</simplelist>

105

140

</para>

106

141

</refsect1>

107

142

108

143

</refentry>

109

-

110

144

<!-- Keep this comment at the end of the file

111

145

Local variables:

112

146

mode: sgml

113

147