WordPress.org

Make WordPress Core

Changeset 48789


Ignore:
Timestamp:
08/12/2020 03:23:47 PM (12 months ago)
Author:
SergeyBiryukov
Message:

Code Modernization: Only call libxml_disable_entity_loader() in PHP < 8.

This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is disabled by default, so this function is no longer needed to protect against XXE attacks.

Props jrf.
Fixes #50898.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-oembed.php

    r48586 r48789  
    598598        }
    599599
    600         $loader = libxml_disable_entity_loader( true );
     600        if ( PHP_VERSION_ID < 80000 ) {
     601            // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading
     602            // is disabled by default, so this function is no longer needed to protect against XXE attacks.
     603            // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
     604            $loader = libxml_disable_entity_loader( true );
     605        }
     606
    601607        $errors = libxml_use_internal_errors( true );
    602608
     
    604610
    605611        libxml_use_internal_errors( $errors );
    606         libxml_disable_entity_loader( $loader );
     612
     613        if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) {
     614            // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
     615            libxml_disable_entity_loader( $loader );
     616        }
    607617
    608618        return $return;
Note: See TracChangeset for help on using the changeset viewer.