disable external XML entities and libxml errors
thanks to Kousuke Ebihara for the report and patch.
willnorris committed Aug 12, 2013
1 parent ed87a67 commit 625c16b
Showing 1 changed file with 8 additions and 1 deletion.
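--- a/Auth/Yadis/XML.php
+++ b/Auth/Yadis/XML.php
@@ -234,7 +234,14 @@ function setXML($xml_string)
 return false;
 }
 
-if (!@$this->doc->loadXML($xml_string)) {
+// disable external entities and libxml errors
+$loader = libxml_disable_entity_loader(true);
+$errors = libxml_use_internal_errors(true);
+$parse_result = @$this->doc->loadXML($xml_string);
+libxml_disable_entity_loader($loader);
+libxml_use_internal_errors($errors);
+
+if (!$parse_result) {
 return false;
 }
 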
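Review bot: With `libxml_use_internal_errors(true)` in effect, the parse errors raised by `loadXML()` are queued in libxml's error buffer, and the new lines restore the previous setting without calling `libxml_clear_errors()`, so every malformed document leaves its errors queued for the rest of the request. Adding `libxml_clear_errors();` just before `libxml_use_internal_errors($errors);` would drop them, provided no caller expects to read those errors afterwards. The two libxml calls are also unconditional: `libxml_disable_entity_loader()` exists only from PHP 5.2.11 (and is deprecated from PHP 8.0), so if the library still targets older PHP 5 releases, setXML() would stop on an undefined function there; a `function_exists('libxml_disable_entity_loader')` guard around the save/restore pair avoids that. setXML()'s body starts and ends outside the hunk, so the checks before the parse are not visible here.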
