Skip to content
This repository has been archived by the owner on Jan 2, 2019. It is now read-only.

Commit

Permalink
When libxmlloader options are teh default values, disable the entity …
Browse files Browse the repository at this point in the history 
…loader as well. CVE-2014-2054 by MITRE
  • Loading branch information
@maartenba
maartenba committed Feb 21, 2014
1 parent 1dad681 commit fdc4532
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions Classes/PHPExcel/Settings.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -366,6 +366,7 @@ public static function setLibXmlLoaderOptions($options = null)
if (is_null($options)) {
$options = LIBXML_DTDLOAD | LIBXML_DTDATTR;
}
@libxml_disable_entity_loader($options == (LIBXML_DTDLOAD | LIBXML_DTDATTR));
self::$_libXmlLoaderOptions = $options;
} // function setLibXmlLoaderOptions

Expand All @@ -378,8 +379,8 @@ public static function setLibXmlLoaderOptions($options = null)
public static function getLibXmlLoaderOptions()
{
if (is_null(self::$_libXmlLoaderOptions)) {
self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR;
self::setLibXmlLoaderOptions(LIBXML_DTDLOAD | LIBXML_DTDATTR);
}
return self::$_libXmlLoaderOptions;
} // function getLibXmlLoaderOptions
}
}

0 comments on commit fdc4532

Please sign in to comment.