mahara
Commit f33d4cef authored May 01, 2013 by Aaron Wells
Documenting safe usage of simplexml_load_file()
Bug1047111 Change-Id: I850603dbc1d85f4360ce227d2658e5abb51af1aa
parent 1f7642cd
Changes: 1
htdocs/init.php
...
...
@@ -61,6 +61,23 @@ if (!is_readable($CFG->docroot . 'config.php')) {
init_performance_info
();
// Because the default XML loader is vulnerable to XEE attacks, we're disabling it by default.
// If you need to use it, you can re-enable the function, call it while passing in the
// LIBXML_NONET parameter, and then disable the function again, like this:
//
// EXAMPLE
// if (function_exists('libxml_disable_entity_loader')) {
// libxml_disable_entity_loader(false);
// }
// $options =
// LIBXML_COMPACT | // Reported to greatly speed XML parsing
// LIBXML_NONET // Disable network access - security check
// ;
// $xml = simplexml_load_file($filename, 'SimpleXMLElement', $options);
// if (function_exists('libxml_disable_entity_loader')) {
// libxml_disable_entity_loader(true);
// }
// END EXAMPLE
if
(
function_exists
(
'libxml_disable_entity_loader'
))
{
libxml_disable_entity_loader
(
true
);
}
...
...
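Review bot: In the first line of the new comment block, "XEE attacks" should read "XXE" (XML External Entity), which is the term readers will search for. In the example, LIBXML_NONET is annotated "security check", but that flag only disables network access while the document loads, so with the entity loader switched back on the comment should also say that $filename must point to trusted content. libxml_disable_entity_loader() is a global setting rather than a per-call option, so it would help to state that nothing else should run between the false and true calls and that the true call has to be reached on every path, including when simplexml_load_file() fails or an error handler throws.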