WordPress.org

Make WordPress Core

Changeset 29390 for branches/3.9


Ignore:
Timestamp:
08/06/2014 05:56:34 AM (5 years ago)
Author:
nacin
Message:

Disable external entities in ID3.

Merges [29378] to the 3.9 branch.

Location:
branches/3.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.9

  • branches/3.9/src/wp-includes/ID3/getid3.lib.php

    r24696 r29390  
    520520
    521521    public static function XML2array($XMLstring) {
    522         if (function_exists('simplexml_load_string')) {
    523             if (function_exists('get_object_vars')) {
    524                 $XMLobject = simplexml_load_string($XMLstring);
    525                 return self::SimpleXMLelement2array($XMLobject);
    526             }
     522        if ( function_exists( 'simplexml_load_string' ) && function_exists( 'libxml_disable_entity_loader' ) ) {
     523            $loader = libxml_disable_entity_loader( true );
     524            $XMLobject = simplexml_load_string( $XMLstring, 'SimpleXMLElement', LIBXML_NOENT );
     525            $return = self::SimpleXMLelement2array( $XMLobject );
     526            libxml_disable_entity_loader( $loader );
     527            return $return;
    527528        }
    528529        return false;
Note: See TracChangeset for help on using the changeset viewer.