Rename checkXEE() to checkXXE()

2026-01-09 03:32:00 +09:00 · 2018-10-18 14:21:08 +09:00 · 2018-10-18 14:21:08 +09:00 · af64ae79c1
commit af64ae79c1
parent 6a7b1e3fd2
4 changed files with 15 additions and 14 deletions
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@ -1206,7 +1206,7 @@ class Context
 		{
 			if(self::getRequestMethod() === 'XMLRPC')
 			{
-				if(!Rhymix\Framework\Security::checkXEE($GLOBALS['HTTP_RAW_POST_DATA']))
+				if(!Rhymix\Framework\Security::checkXXE($GLOBALS['HTTP_RAW_POST_DATA']))
 				{
 					header("HTTP/1.0 400 Bad Request");
 					exit;
--- a/classes/security/Security.class.php
+++ b/classes/security/Security.class.php
@ -185,7 +185,7 @@ class Security
 	 */
 	public static function detectingXEE($xml)
 	{
-		return !Rhymix\Framework\Security::checkXEE($xml);
+		return !Rhymix\Framework\Security::checkXXE($xml);
 	}
 }
 /* End of file : Security.class.php */
--- a/common/framework/security.php
+++ b/common/framework/security.php
@ -350,16 +350,17 @@ class Security
 	}
 	
 	/**
-	 * Check if the current request seems to be an XEE attack.
+	 * Check if the current request seems to be an XXE (XML external entity) attack.
 	 * 
 	 * This method returns true if the request seems to be innocent,
-	 * and false if it seems to be an XEE attack.
-	 * This is the opposite of XE's Security::detectXEE() method.
+	 * and false if it seems to be an XXE attack.
+	 * This is the opposite of XE's Security::detectingXEE() method.
+	 * The name has also been changed to the more accurate acronym XXE.
 	 * 
 	 * @param string $xml (optional)
 	 * @return bool
 	 */
-	public static function checkXEE($xml = null)
+	public static function checkXXE($xml = null)
 	{
 		// Stop if there is no XML content.
 		if (!$xml)
--- a/tests/unit/framework/SecurityTest.php
+++ b/tests/unit/framework/SecurityTest.php
@ -145,27 +145,27 @@ class SecurityTest extends \Codeception\TestCase\Test
 		error_reporting($error_reporting);
 	}
 	
-	public function testCheckXEE()
+	public function testCheckXXE()
 	{
 		$xml = '<methodCall></methodCall>';
-		$this->assertTrue(Rhymix\Framework\Security::checkXEE($xml));
+		$this->assertTrue(Rhymix\Framework\Security::checkXXE($xml));
 		
 		$xml = '<?xml version="1.0" encoding="UTF-8"?><methodCall></methodCall>';
-		$this->assertTrue(Rhymix\Framework\Security::checkXEE($xml));
+		$this->assertTrue(Rhymix\Framework\Security::checkXXE($xml));
 		
 		$xml = '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo><methodCall attr="value"></methodCall>';
-		$this->assertTrue(Rhymix\Framework\Security::checkXEE($xml));
+		$this->assertTrue(Rhymix\Framework\Security::checkXXE($xml));
 		
 		$xml = '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo><whatever></whatever>';
-		$this->assertFalse(Rhymix\Framework\Security::checkXEE($xml));
+		$this->assertFalse(Rhymix\Framework\Security::checkXXE($xml));
 		
 		$xml = '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo>';
-		$this->assertFalse(Rhymix\Framework\Security::checkXEE($xml));
+		$this->assertFalse(Rhymix\Framework\Security::checkXXE($xml));
 		
 		$xml = '<?xml version="1.0" encoding="UTF-8"?><!ENTITY xxe SYSTEM "http://www.attacker.com/text.txt"><methodCall></methodCall>';
-		$this->assertFalse(Rhymix\Framework\Security::checkXEE($xml));
+		$this->assertFalse(Rhymix\Framework\Security::checkXXE($xml));
 		
 		$xml = '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><fault></fault>';
-		$this->assertFalse(Rhymix\Framework\Security::checkXEE($xml));
+		$this->assertFalse(Rhymix\Framework\Security::checkXXE($xml));
 	}
 }