Ticket #50898: 50898-getid3.2.diff
File 50898-getid3.2.diff, 1.3 KB (added by , 4 years ago) |
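--- a/src/wp-includes/ID3/getid3.lib.php
+++ b/src/wp-includes/ID3/getid3.lib.php
@@ -720,12 +720,18 @@
 */
 public static function XML2array($XMLstring) {
 if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) {
-// http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
-// https://core.trac.wordpress.org/changeset/29378
-$loader = libxml_disable_entity_loader(true);
+if (PHP_VERSION_ID < 80000) {
+// http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
+// https://core.trac.wordpress.org/changeset/29378
+// This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
+// disabled by default, so this function is no longer needed to protect against XXE attacks.
+$loader = libxml_disable_entity_loader(true);
+}
 $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', LIBXML_NOENT);
 $return = self::SimpleXMLelement2array($XMLobject);
-libxml_disable_entity_loader($loader);
+if (PHP_VERSION_ID < 80000 && isset($loader)) {
+libxml_disable_entity_loader($loader);
+}
 return $return;
 }
 return false;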
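Review bot: On PHP 8 and later the parse on new line 730 still passes `LIBXML_NOENT`, which turns entity substitution on, while the new version guard skips `libxml_disable_entity_loader(true)`; as far as I know libxml's safe default only holds when that flag is absent, so external entities can be resolved again on exactly the versions this patch targets. The added comment ("no longer needed to protect against XXE attacks") is therefore accurate only for parses that do not pass `LIBXML_NOENT`. If entity expansion is not required here, drop the flag: `$XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement');`; otherwise keep the loader disabled on every PHP version (or install a rejecting loader with `libxml_set_external_entity_loader()`) and restore it after the parse. Whether `$XMLstring` is attacker-influenced is not visible in this hunk, so it should be treated as untrusted until the callers are checked.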