Merge pull request PHPOffice#3509 from PHPOffice/Stricter-Identify-Spreadsheet-Files-Only

Validate that OLE file contains a workbook object (ie. isn't a doc or a ppt file)

Author: MarkBaker

src/PhpSpreadsheet/Reader/Xls.php

@@ -430,7 +430,7 @@ public function __construct()
      */
     public function canRead(string $filename): bool
     {
-        if (!File::testFileNoThrow($filename)) {
+        if (File::testFileNoThrow($filename) === false) {
             return false;
         }
 
@@ -440,6 +440,9 @@ public function canRead(string $filename): bool
 
             // get excel data
             $ole->read($filename);
+            if ($ole->wrkbook === null) {
+                throw new Exception('The filename ' . $filename . ' is not recognised as a Spreadsheet file');
+            }
 
             return true;
         } catch (PhpSpreadsheetException $e) {
@@ -449,7 +452,7 @@ public function canRead(string $filename): bool
 
     public function setCodepage(string $codepage): void
     {
-        if (!CodePage::validate($codepage)) {
+        if (CodePage::validate($codepage) === false) {
             throw new PhpSpreadsheetException('Unknown codepage: ' . $codepage);
         }
 

src/PhpSpreadsheet/Shared/OLERead.php

@@ -134,7 +134,7 @@ public function read(string $filename): void
 
         $bbdBlocks = $this->numBigBlockDepotBlocks;
 
-        if ($this->numExtensionBlocks != 0) {
+        if ($this->numExtensionBlocks !== 0) {
             $bbdBlocks = (self::BIG_BLOCK_SIZE - self::BIG_BLOCK_DEPOT_BLOCKS_POS) / 4;
         }
 

tests/PhpSpreadsheetTests/IOFactoryTest.php

@@ -108,6 +108,33 @@ public function providerIdentify(): array
         ];
     }
 
+    public function testIdentifyInvalid(): void
+    {
+        $file = __DIR__ . '/../data/Reader/NotASpreadsheetFile.doc';
+
+        $this->expectException(ReaderException::class);
+        $this->expectExceptionMessage('Unable to identify a reader for this file');
+        IOFactory::identify($file);
+    }
+
+    public function testCreateInvalid(): void
+    {
+        $file = __DIR__ . '/../data/Reader/NotASpreadsheetFile.doc';
+
+        $this->expectException(ReaderException::class);
+        $this->expectExceptionMessage('Unable to identify a reader for this file');
+        IOFactory::createReaderForFile($file);
+    }
+
+    public function testLoadInvalid(): void
+    {
+        $file = __DIR__ . '/../data/Reader/NotASpreadsheetFile.doc';
+
+        $this->expectException(ReaderException::class);
+        $this->expectExceptionMessage('Unable to identify a reader for this file');
+        IOFactory::load($file);
+    }
+
     public function testFormatAsExpected(): void
     {
         $fileName = 'samples/templates/30template.xls';