Disable loading external entities during XML parsing

author: Steve Clay <steve@mrclay.org> 2013-07-11 13:24:01 -0400
committer: Paweł Sroka <srokap@gmail.com> 2013-11-04 03:34:21 +0100
commit: d53447f7e6b3277f3249d9a70e56ec01a90c3a60 (patch)
tree: a61fa62cef82fef01254849bbbd70dbf149e854a /engine/classes/ElggXMLElement.php
parent: 550ef1fe32fc8da940c42359f7a6347e65138c85 (diff)
download: elgg-d53447f7e6b3277f3249d9a70e56ec01a90c3a60.tar.gz
elgg-d53447f7e6b3277f3249d9a70e56ec01a90c3a60.tar.bz2
1 files changed, 6 insertions, 2 deletions
diff --git a/engine/classes/ElggXMLElement.php b/engine/classes/ElggXMLElement.php
index 6f2633e25..cbd3fc5ce 100644
--- a/engine/classes/ElggXMLElement.php
+++ b/engine/classes/ElggXMLElement.php
@@ -20,7 +20,12 @@ class ElggXMLElement {
 		if ($xml instanceof SimpleXMLElement) {
 			$this->_element = $xml;
 		} else {
+			// do not load entities
+			$disable_load_entities = libxml_disable_entity_loader(true);
+
 			$this->_element = new SimpleXMLElement($xml);
+
+			libxml_disable_entity_loader($disable_load_entities);
 		}
 	}
 
@@ -123,5 +128,4 @@ class ElggXMLElement {
 		}
 		return false;
 	}
-
-}
-\ No newline at end of file
+}
author	Steve Clay <steve@mrclay.org>	2013-07-11 13:24:01 -0400
committer	Paweł Sroka <srokap@gmail.com>	2013-11-04 03:34:21 +0100
commit	d53447f7e6b3277f3249d9a70e56ec01a90c3a60 (patch)
tree	a61fa62cef82fef01254849bbbd70dbf149e854a /engine/classes/ElggXMLElement.php
parent	550ef1fe32fc8da940c42359f7a6347e65138c85 (diff)
download	elgg-d53447f7e6b3277f3249d9a70e56ec01a90c3a60.tar.gz elgg-d53447f7e6b3277f3249d9a70e56ec01a90c3a60.tar.bz2