Support stream wrappers in XML parser extensions, add external entity loader #3249
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
output filenames.
previously missing.
call stack with -fomit-frame-pointer, all XML parsing functions must
be protected with SYNC_VM_REGS_SCOPED().
since they can now be URLs, and translation is now redundant with that
done by FileStreamWrapper.
f_file_get_contents(), so that the libxml default stream context is
used. Almost fixes test/zend/bad/ext/libxml/tests/bug54440.php, except
for a minor error handling issue that should be dealt with by GitHub
PR Add an XML external entity loader. #2376.
when the options fail validation, instead of returning false. This
matches the PHP behaviour and makes
hphp/test/zend/bad/ext/libxml/tests/bug63389.php pass.
"compress.zlib:" in entities and URIs.
Since loading external entities exposes a number of security issues including
remote shell execution, it's disabled by default (except for the data: protocol
which isn't actually external). The new config option is documented in
doc/inconsistencies.
Submitted on behalf of a third-party: The PHP Group
Source: PHP 5.6.0-dev
License: version 3.01 of the PHP license
Closes: #2329
Closes: #2829
Test Plan: automated tests, new version of zend test to make sure external
entity loading fails by default