enygma/gist:3494587

## gistfile1.php
<?php
$r = new XMLReader();
$r->xml($post);

while ($r->read()) {
    if ($r->nodeType == 10) {
        $doc = $r->readOuterXML();
        // see if we have any entities
        preg_match_all('#<!ENTITY (.*?)>#ims',$doc,$matches);
        if (!empty($matches[1])) {
            foreach ($matches[1] as $match) {
                $entity = explode(" ",$match);
                $uri = parse_url(str_replace(
                    '"',
                    '',
                    $entity[count($entity)-1]
                ));
                print_r($uri);
                if ($uri['scheme'] == 'file') {
                    throw new \Exception('Local file inclusion!');
                }
            }
        }
    }
}
?>
	<?php
	$r = new XMLReader();
	$r->xml($post);

	while ($r->read()) {
	if ($r->nodeType == 10) {
	$doc = $r->readOuterXML();
	// see if we have any entities
	preg_match_all('#<!ENTITY (.*?)>#ims',$doc,$matches);
	if (!empty($matches[1])) {
	foreach ($matches[1] as $match) {
	$entity = explode(" ",$match);
	$uri = parse_url(str_replace(
	'"',
	'',
	$entity[count($entity)-1]
	));
	print_r($uri);
	if ($uri['scheme'] == 'file') {
	throw new \Exception('Local file inclusion!');
	}
	}
	}
	}
	}
	?>