diff options
author | Yury German <blueknight@gentoo.org> | 2016-02-12 22:22:00 -0500 |
---|---|---|
committer | Yury German <blueknight@gentoo.org> | 2016-02-12 22:22:00 -0500 |
commit | 657cafe0e955cf88033597f131aa50835140c617 (patch) | |
tree | cf21a30d319cb2a238a6cfb8b4eb3b20b1b5dcff /plugins/openid/lib/Auth/Yadis/XML.php | |
parent | Adding New Mantra version 2.4.1.1 - Bug 574468 (diff) | |
download | blogs-gentoo-657cafe0e955cf88033597f131aa50835140c617.tar.gz blogs-gentoo-657cafe0e955cf88033597f131aa50835140c617.tar.bz2 blogs-gentoo-657cafe0e955cf88033597f131aa50835140c617.zip |
Updating plugins easy-table, jetpack, openid, public-post preview, talbe-of-contents-plus, wordress-mobile-pack - Bug 574468
Diffstat (limited to 'plugins/openid/lib/Auth/Yadis/XML.php')
-rw-r--r-- | plugins/openid/lib/Auth/Yadis/XML.php | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/plugins/openid/lib/Auth/Yadis/XML.php b/plugins/openid/lib/Auth/Yadis/XML.php index cf1f5c41..2b8a20eb 100644 --- a/plugins/openid/lib/Auth/Yadis/XML.php +++ b/plugins/openid/lib/Auth/Yadis/XML.php @@ -234,7 +234,23 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { return false; } - if (!@$this->doc->loadXML($xml_string)) { + // libxml_disable_entity_loader (PHP 5 >= 5.2.11) + if (function_exists('libxml_disable_entity_loader') && function_exists('libxml_use_internal_errors')) { + // disable external entities and libxml errors + $loader = libxml_disable_entity_loader(true); + $errors = libxml_use_internal_errors(true); + $parse_result = @$this->doc->loadXML($xml_string); + libxml_disable_entity_loader($loader); + libxml_use_internal_errors($errors); + } else { + $parse_result = @$this->doc->loadXML($xml_string); + } + + if (!$parse_result) { + return false; + } + + if (isset($this->doc->doctype)) { return false; } @@ -331,11 +347,11 @@ function Auth_Yadis_getSupportedExtensions() function Auth_Yadis_getXMLParser() { global $__Auth_Yadis_defaultParser; - + if (isset($__Auth_Yadis_defaultParser)) { return $__Auth_Yadis_defaultParser; } - + foreach(Auth_Yadis_getSupportedExtensions() as $extension => $classname) { if (extension_loaded($extension)) @@ -345,7 +361,7 @@ function Auth_Yadis_getXMLParser() return $p; } } - + return false; } |