Merged in libxml18 (pull request #8)

Disable loading external entities during XML parsing
author: Paweł Sroka <srokap@gmail.com> 2014-01-01 13:12:24 +0100
committer: Paweł Sroka <srokap@gmail.com> 2014-01-01 13:12:24 +0100
commit: 53509917fd2119e17209179aae6d54b64dd2d244 (patch)
tree: aac2e883578b78796686728ae3beed5b2a35a9a4 /engine/classes/ElggXMLElement.php
parent: 7006294fcbfab450289403b6519edb9d5d30ff35 (diff)
parent: 7cacdc8bc26c98a58dc8986acfd911d6542608af (diff)
download: elgg-53509917fd2119e17209179aae6d54b64dd2d244.tar.gz
elgg-53509917fd2119e17209179aae6d54b64dd2d244.tar.bz2
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/classes/ElggXMLElement.php b/engine/classes/ElggXMLElement.php
index 6f2633e25..cbd3fc5ce 100644
--- a/engine/classes/ElggXMLElement.php
+++ b/engine/classes/ElggXMLElement.php
@@ -20,7 +20,12 @@ class ElggXMLElement {
 		if ($xml instanceof SimpleXMLElement) {
 			$this->_element = $xml;
 		} else {
+			// do not load entities
+			$disable_load_entities = libxml_disable_entity_loader(true);
+
 			$this->_element = new SimpleXMLElement($xml);
+
+			libxml_disable_entity_loader($disable_load_entities);
 		}
 	}
 
@@ -123,5 +128,4 @@ class ElggXMLElement {
 		}
 		return false;
 	}
-
-}
-\ No newline at end of file
+}
author	Paweł Sroka <srokap@gmail.com>	2014-01-01 13:12:24 +0100
committer	Paweł Sroka <srokap@gmail.com>	2014-01-01 13:12:24 +0100
commit	53509917fd2119e17209179aae6d54b64dd2d244 (patch)
tree	aac2e883578b78796686728ae3beed5b2a35a9a4 /engine/classes/ElggXMLElement.php
parent	7006294fcbfab450289403b6519edb9d5d30ff35 (diff)
parent	7cacdc8bc26c98a58dc8986acfd911d6542608af (diff)
download	elgg-53509917fd2119e17209179aae6d54b64dd2d244.tar.gz elgg-53509917fd2119e17209179aae6d54b64dd2d244.tar.bz2