[DependencyInjection] force enabling the external XML entity loaders #18915
referenced this pull request
May 30, 2016
@nicolas-grekas @sstok I don't see the security issue here. The
Edit. OK, that's no problem as the Document is parsed before the validation takes place.
I'm confused here, is the problem still existent or does this pull request solve the issue?
And as @nicolas-grekas pointed out, it also needs to be done for the XliffFileLoader schema validator, as it loads at least one external resource https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Translation/Loader/schema/dic/xliff-core/xliff-core-1.2-strict.xsd#L33 (gets replaced by a local version).
@fabpot One place is in the XliffFileLoader, which afaik doesn't support importing resources anyway (and thus would not be affected). And forcing the value in the