WordPress.org
Get WordPress

Make WordPress Core

Ticket #50898: 50898-libxml_disable_entity_loader.patch

File 50898-libxml_disable_entity_loader.patch, 1.9 KB (added by jrf, 5 years ago)

  • src/wp-includes/class-wp-oembed.php 

    From 51311b0e2549a1f9449bba32b9e0dca29f99b347 Mon Sep 17 00:00:00 2001
From: jrfnl <jrfnl@users.noreply.github.com>
Date: Tue, 11 Aug 2020 04:07:35 +0200
Subject: [PATCH] PHP 8.0: only call libxml_disable_entity_loader() in PHP < 8

As per the PHP 8.0 changelog:

> `libxml_disable_entity_loader()` has been deprecated. As libxml 2.9.0 is now
> required, external entity loading is guaranteed to be disabled by default,
> and this function is no longer needed to protect against XXE attacks.

Source: https://github.com/php/php-src/blob/71bfa5344ab207072f4cd25745d7023096338385/UPGRADING#L808-L811

Calling the function conditionally will prevent deprecation warnings.
---
 src/wp-includes/class-wp-oembed.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php
index 1c10f44489..ac139e4f62 100644
    a b class WP_oEmbed { 
    597597                        return false;
    598598                }
    599599
    600                 $loader = libxml_disable_entity_loader( true );
     600                if ( PHP_VERSION_ID < 80000 ) {
     601                        // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
     602                        // disabled by default, so this function is no longer needed to protect against XXE attacks.
     603                        // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
     604                        $loader = libxml_disable_entity_loader( true );
     605                }
    601606                $errors = libxml_use_internal_errors( true );
    602607
    603608                $return = $this->_parse_xml_body( $response_body );
    604609
    605610                libxml_use_internal_errors( $errors );
    606                 libxml_disable_entity_loader( $loader );
     611                if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) {
     612                        // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
     613                        libxml_disable_entity_loader( $loader );
     614                }
    607615
    608616                return $return;
    609617        }