31 lines
847 B
Plaintext
31 lines
847 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
function evaluate_xpath($doc, $xpathstring, $xmlstring)
|
|
{
|
|
$xpath = new DOMXpath($doc);
|
|
$xpath->query($xpathstring); // Sensitive
|
|
$xpath->evaluate($xpathstring); // Sensitive
|
|
|
|
// There is no risk if the xpath is hardcoded
|
|
$xpath->query("/users/user[@name='alice']"); // Ok
|
|
$xpath->evaluate("/users/user[@name='alice']"); // Ok
|
|
|
|
// An issue will also be created if the SimpleXMLElement is created
|
|
// by simplexml_load_file, simplexml_load_string or simplexml_import_dom
|
|
$xml = new SimpleXMLElement($doc);
|
|
$xml->xpath($xpathstring); // Sensitive
|
|
|
|
// There is no risk if the xpath is hardcoded
|
|
$xml->xpath("/users/user[@name='alice']"); // Ok
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|