]> This result is &harmless; XML; $this->setExpectedException('Zend_Xml_Exception'); $result = Zend_Xml_Security::scan($xml); } public function testScanForXXE() { $file = tempnam(sys_get_temp_dir(), 'Zend_XML_Security'); file_put_contents($file, 'This is a remote content!'); $xml = << ]> &foo; XML; try { $result = Zend_Xml_Security::scan($xml); } catch (Zend_Xml_Exception $e) { unlink($file); return; } $this->fail('An expected exception has not been raised.'); } public function testScanSimpleXmlResult() { $result = Zend_Xml_Security::scan($this->_getXml()); $this->assertTrue($result instanceof SimpleXMLElement); $this->assertEquals((string) $result->result, 'test'); } public function testScanDom() { $dom = new DOMDocument('1.0'); $result = Zend_Xml_Security::scan($this->_getXml(), $dom); $this->assertTrue($result instanceof DOMDocument); $node = $result->getElementsByTagName('result')->item(0); $this->assertEquals($node->nodeValue, 'test'); } public function testScanInvalidXml() { $xml = <<test XML; $result = Zend_XML_Security::scan($xml); $this->assertFalse($result); } public function testScanInvalidXmlDom() { $xml = <<test XML; $dom = new DOMDocument('1.0'); $result = Zend_XML_Security::scan($xml, $dom); $this->assertFalse($result); } public function testScanFile() { $file = tempnam(sys_get_temp_dir(), 'Zend_XML_Security'); file_put_contents($file, $this->_getXml()); $result = Zend_Xml_Security::scanFile($file); $this->assertTrue($result instanceof SimpleXMLElement); $this->assertEquals((string) $result->result, 'test'); unlink($file); } public function testScanXmlWithDTD() { $xml = << ]> test XML; $dom = new DOMDocument('1.0'); $result = Zend_Xml_Security::scan($xml, $dom); $this->assertTrue($result instanceof DOMDocument); $this->assertTrue($result->validate()); } protected function _getXml() { return << test XML; } } if (PHPUnit_MAIN_METHOD == "Zend_Xml_SecurityTest::main") { Zend_Xml_SecurityTest::main(); }