wikimedia/mediawiki-extensions-RSS
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/RSS synced 2024-11-13 17:57:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent xxe when loading feed XML

Browse source 
Turn off external entity loading while parsing feed xml.

bug: 46932
Change-Id: I41006fc10f2da1357d57c1566518c86351f522f1
This commit is contained in:
csteipp 2013-04-09 15:43:06 -07:00
parent 00f05c4849
commit 05e4e8fa64
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
RSSParser.php
View file

@ -508,7 +508,10 @@ class RSSParser {
}
wfSuppressWarnings();
// Prevent loading external entities when parsing the XML (bug 46932)
$oldDisable = libxml_disable_entity_loader( true );
$this->xml->loadXML( $raw_xml );
libxml_disable_entity_loader( $oldDisable );
wfRestoreWarnings();
$this->rss = new RSSData( $this->xml );