You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Snuffleupagus logs this call if sp.xxe_protection.enable(); is enabled:
The problem is, that Nextcloud cannot parse its config.php if Snuffleupagus tries to nop the function:
Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_set_external_entity_loader was tried and nopped in /nextcloud/lib/base.php on line 592
Config file has leading content, please remove everything before "<?php" in config.php
Fatal error: Uncaught Error: Typed static property OC::$server must not be accessed before initialization in /nextcloud/index.php:71 Stack trace: #0 {main} thrown in /nextcloud/index.php on line 71
I guess there is some logging-related shenenigans in how nextcloud handles configuration processing, as in it doesn't exploit Snuffleupagus to complain when it loads its configuration. I don't think there is much that can be done here from Snuffleupagus' side unfortunately.
Anyway, since Nextcloud is explicitly disabling XXE, there is no need to sp.xxe_protection.enable();; it can simply be replaced with something like this:
Since some weeks Nextcloud itself calls
libxml_set_external_entity_loader()
to prevent any XML processing from loading external entities:Snuffleupagus logs this call if
sp.xxe_protection.enable();
is enabled:The problem is, that Nextcloud cannot parse its config.php if Snuffleupagus tries to nop the function:
More information about the issue here: hoellen/docker-nextcloud#42
The text was updated successfully, but these errors were encountered: