Make WordPress Core


Ignore:
Timestamp:
08/05/2014 07:13:57 PM (10 years ago)
Author:
nacin
Message:

Disable external entities in ID3.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/ID3/getid3.lib.php

    r24696 r29378  
    520520
    521521    public static function XML2array($XMLstring) {
    522         if (function_exists('simplexml_load_string')) {
    523             if (function_exists('get_object_vars')) {
    524                 $XMLobject = simplexml_load_string($XMLstring);
    525                 return self::SimpleXMLelement2array($XMLobject);
    526             }
     522        if ( function_exists( 'simplexml_load_string' ) && function_exists( 'libxml_disable_entity_loader' ) ) {
     523            $loader = libxml_disable_entity_loader( true );
     524            $XMLobject = simplexml_load_string( $XMLstring, 'SimpleXMLElement', LIBXML_NOENT );
     525            $return = self::SimpleXMLelement2array( $XMLobject );
     526            libxml_disable_entity_loader( $loader );
     527            return $return;
    527528        }
    528529        return false;
Note: See TracChangeset for help on using the changeset viewer.