fix #1227 SECISSUE

- XXE 취약점 문제 해결 - Drupal의 소스코드를 참고하여 `Security::detectingXEE()` 추가 - 90e884ad0f - blogapi 애드온 및 `Context::_setXmlRpcArgument()`에서 취약점 방어 - 제보 : 한국인터넷진흥원
2026-01-06 18:21:39 +09:00 · 2015-02-04 13:49:21 +09:00 · 2015-02-04 13:49:21 +09:00 · a33a4b3081
commit a33a4b3081
parent 14ffdbe5f0
3 changed files with 68 additions and 3 deletions
--- a/classes/security/Security.class.php
+++ b/classes/security/Security.class.php
@ -175,6 +175,55 @@ class Security
 		return $var;
 	}

+	/**
+	 * @brief check XML External Entity
+	 *
+	 * @see from drupal. https://github.com/drupal/drupal/commit/90e884ad0f7f2cf269d953f7d70966de9fd821ff
+	 *
+	 * @param string $xml
+	 * @return bool
+	 */
+	static function detectingXEE($xml)
+	{
+		if(!$xml) return FALSE;
+
+		if(strpos($xml, '<!ENTITY') !== FALSE)
+		{
+			return TRUE;
+		}
+
+		// Strip XML declaration.
+		$header = preg_replace('/<\?xml.*?\?'.'>/s', '', substr($xml, 0, 100), 1);
+		$xml = trim(substr_replace($xml, $header, 0, 100));
+		if($xml == '')
+		{
+			return TRUE;
+		}
+
+		// Strip DTD.
+		$header = preg_replace('/^<!DOCTYPE[^>]*+>/i', '', substr($xml, 0, 200), 1);
+		$xml = trim(substr_replace($xml, $header, 0, 200));
+		if($xml == '')
+		{
+			return TRUE;
+		}
+
+		// Confirm the XML now starts with a valid root tag. A root tag can end in [> \t\r\n]
+		$root_tag = substr($xml, 0, strcspn(substr($xml, 0, 20), "> \t\r\n"));
+
+		// Reject a second DTD.
+		if(strtoupper($root_tag) == '<!DOCTYPE')
+		{
+			return TRUE;
+		}
+
+		if(!in_array($root_tag, array('<methodCall', '<methodResponse', '<fault')))
+		{
+			return TRUE;
+		}
+
+		return FALSE;
+	}
 }
 /* End of file : Security.class.php */
 /* Location: ./classes/security/Security.class.php */