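<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>XML External Entity Example</title>
</head>
<body>
  <main>
    <section class="section" id="example.xml-external-entity">
      <h1 class="title">XML External Entity Example</h1>
      <p class="para">
        This example highlights XML code. It shows how to use an external
        entity reference handler to include and parse other documents, how
        processing instructions (PIs) can be handled, and one way of deciding
        whether the code in a PI is "trusted".
      </p>
      <p class="para">
        In the listing, PI code is executed only when the document it came
        from passes <code>trustedFile()</code>: the file name must not begin
        with a URL scheme and the file must be owned by the same user as the
        script. The external entity handler does not apply that check; it
        opens whatever system identifier the document supplies, so the trust
        test limits code execution but not which files are read. Handler
        output is passed through <code>htmlspecialchars()</code> because
        element names, attribute values and character data all come from the
        parsed document.
      </p>
      <p class="para">
        The XML documents used by this example
        (<var class="filename">xmltest.xml</var> and
        <var class="filename">xmltest2.xml</var>) are listed below it.
      </p>

      <!-- Listings are entity-escaped so the markup inside them is displayed rather than parsed. -->
      <div class="example" id="example-5528">
        <p><strong>Example #1 External Entity Example</strong></p>
        <div class="example-contents">
<pre class="phpcode"><code>&lt;?php
$file = "xmltest.xml";

function trustedFile($file)
{
    // only trust local files owned by ourselves
    if (preg_match("@^([a-z]+)\:\/\/@i", $file)) {
        return false;
    }
    // fileowner() returns false on failure; comparing strictly keeps a
    // failed lookup from matching uid 0.
    $owner = fileowner($file);
    return $owner !== false &amp;&amp; $owner === getmyuid();
}

function startElement($parser, $name, $attribs)
{
    // Names and attribute values come from the parsed document, so they are
    // escaped before being written into the HTML output.
    echo "&amp;lt;&lt;font color=\"#0000cc\"&gt;" . htmlspecialchars($name) . "&lt;/font&gt;";
    if (count($attribs)) {
        foreach ($attribs as $k =&gt; $v) {
            printf(' &lt;font color="#009900"&gt;%s&lt;/font&gt;="&lt;font color="#990000"&gt;%s&lt;/font&gt;"',
                   htmlspecialchars($k), htmlspecialchars($v));
        }
    }
    echo "&amp;gt;";
}

function endElement($parser, $name)
{
    echo "&amp;lt;/&lt;font color=\"#0000cc\"&gt;" . htmlspecialchars($name) . "&lt;/font&gt;&amp;gt;";
}

function characterData($parser, $data)
{
    // Character data arrives with entities already decoded, so escape it
    // again before output.
    echo "&lt;b&gt;" . htmlspecialchars($data) . "&lt;/b&gt;";
}

function PIHandler($parser, $target, $data)
{
    switch (strtolower($target)) {
        case "php":
            global $parser_file;
            // If the parsed document is "trusted", we say it is safe
            // to execute PHP code inside it. If not, display the code
            // instead.
            // NOTE(review): eval() runs the PI data as PHP with the script's
            // own privileges, and trustedFile() is the only control in front
            // of it. Keep any file that can pass that check writable by the
            // script owner alone.
            if (trustedFile($parser_file[$parser])) {
                eval($data);
            } else {
                printf("Untrusted PHP code: &lt;i&gt;%s&lt;/i&gt;",
                       htmlspecialchars($data));
            }
            break;
    }
}

function defaultHandler($parser, $data)
{
    if (substr($data, 0, 1) == "&amp;" &amp;&amp; substr($data, -1, 1) == ";") {
        printf('&lt;font color="#aa00aa"&gt;%s&lt;/font&gt;',
               htmlspecialchars($data));
    } else {
        printf('&lt;font size="-1"&gt;%s&lt;/font&gt;',
               htmlspecialchars($data));
    }
}

function externalEntityRefHandler($parser, $openEntityNames, $base, $systemId,
                                  $publicId) {
    // NOTE(review): $systemId comes from the document being parsed and is
    // handed to fopen() unchanged by new_xml_parser(); trustedFile() is not
    // consulted here. An application that parses documents it does not
    // control should restrict which system identifiers it resolves.
    if ($systemId) {
        if (!list($parser, $fp) = new_xml_parser($systemId)) {
            printf("Could not open entity %s at %s\n",
                   htmlspecialchars($openEntityNames),
                   htmlspecialchars($systemId));
            return false;
        }
        while ($data = fread($fp, 4096)) {
            if (!xml_parse($parser, $data, feof($fp))) {
                printf("XML error: %s at line %d while parsing entity %s\n",
                       xml_error_string(xml_get_error_code($parser)),
                       xml_get_current_line_number($parser),
                       htmlspecialchars($openEntityNames));
                xml_parser_free($parser);
                return false;
            }
        }
        xml_parser_free($parser);
        return true;
    }
    return false;
}

function new_xml_parser($file)
{
    global $parser_file;

    $xml_parser = xml_parser_create();
    xml_parser_set_option($xml_parser, XML_OPTION_CASE_FOLDING, 1);
    xml_set_element_handler($xml_parser, "startElement", "endElement");
    xml_set_character_data_handler($xml_parser, "characterData");
    xml_set_processing_instruction_handler($xml_parser, "PIHandler");
    xml_set_default_handler($xml_parser, "defaultHandler");
    xml_set_external_entity_ref_handler($xml_parser, "externalEntityRefHandler");

    if (!($fp = @fopen($file, "r"))) {
        return false;
    }
    if (!is_array($parser_file)) {
        settype($parser_file, "array");
    }
    // Remember which file each parser reads so PIHandler() can look it up.
    $parser_file[$xml_parser] = $file;
    return array($xml_parser, $fp);
}

if (!(list($xml_parser, $fp) = new_xml_parser($file))) {
    die("could not open XML input");
}

echo "&lt;pre&gt;";
while ($data = fread($fp, 4096)) {
    if (!xml_parse($xml_parser, $data, feof($fp))) {
        die(sprintf("XML error: %s at line %d\n",
                    xml_error_string(xml_get_error_code($xml_parser)),
                    xml_get_current_line_number($xml_parser)));
    }
}
echo "&lt;/pre&gt;";
echo "parse complete\n";
xml_parser_free($xml_parser);

?&gt;</code></pre>
        </div>
      </div>

      <div class="example" id="example-5529">
        <p><strong>Example #2 xmltest.xml</strong></p>
        <div class="example-contents">
<pre class="xmlcode"><code>&lt;?xml version='1.0'?&gt;
&lt;!DOCTYPE chapter SYSTEM "/just/a/test.dtd" [
&lt;!ENTITY plainEntity "FOO entity"&gt;
&lt;!ENTITY systemEntity SYSTEM "xmltest2.xml"&gt;
]&gt;
&lt;chapter&gt;
 &lt;TITLE&gt;Title &amp;plainEntity;&lt;/TITLE&gt;
 &lt;para&gt;
  &lt;informaltable&gt;
   &lt;tgroup cols="3"&gt;
    &lt;tbody&gt;
     &lt;row&gt;&lt;entry&gt;a1&lt;/entry&gt;&lt;entry morerows="1"&gt;b1&lt;/entry&gt;&lt;entry&gt;c1&lt;/entry&gt;&lt;/row&gt;
     &lt;row&gt;&lt;entry&gt;a2&lt;/entry&gt;&lt;entry&gt;c2&lt;/entry&gt;&lt;/row&gt;
     &lt;row&gt;&lt;entry&gt;a3&lt;/entry&gt;&lt;entry&gt;b3&lt;/entry&gt;&lt;entry&gt;c3&lt;/entry&gt;&lt;/row&gt;
    &lt;/tbody&gt;
   &lt;/tgroup&gt;
  &lt;/informaltable&gt;
 &lt;/para&gt;
 &amp;systemEntity;
 &lt;section id="about"&gt;
  &lt;title&gt;About this Document&lt;/title&gt;
  &lt;para&gt;
   &lt;!-- this is a comment --&gt;
   &lt;?php echo 'Hi! This is PHP version ' . phpversion(); ?&gt;
  &lt;/para&gt;
 &lt;/section&gt;
&lt;/chapter&gt;</code></pre>
        </div>
      </div>

      <p class="para">
        This file is included from <var class="filename">xmltest.xml</var>:
      </p>
      <div class="example" id="example-5530">
        <p><strong>Example #3 xmltest2.xml</strong></p>
        <div class="example-contents">
<pre class="xmlcode"><code>&lt;?xml version="1.0"?&gt;
&lt;!DOCTYPE foo [
&lt;!ENTITY testEnt "test entity"&gt;
]&gt;
&lt;foo&gt;
   &lt;element attrib="value"/&gt;
   &amp;testEnt;
   &lt;?php echo "This is some more PHP code being executed."; ?&gt;
&lt;/foo&gt;</code></pre>
        </div>
      </div>
    </section>
  </main>
</body>
</html>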