Changeset 48789

Timestamp:

08/12/2020 03:23:47 PM (3 years ago)

Author:

SergeyBiryukov

Message:

Code Modernization: Only call libxml_disable_entity_loader() in PHP < 8.

This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is disabled by default, so this function is no longer needed to protect against XXE attacks.

Props jrf.
Fixes #50898.

File:

• trunk/src/wp-includes/class-wp-oembed.php (modified) (2 diffs)

trunk/src/wp-includes/class-wp-oembed.php

@@ -598 +598 @@
         }
 
-        $loader = libxml_disable_entity_loader( true );
+        if ( PHP_VERSION_ID < 80000 ) {
+            // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading
+            // is disabled by default, so this function is no longer needed to protect against XXE attacks.
+            // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
+            $loader = libxml_disable_entity_loader( true );
+        }
+
         $errors = libxml_use_internal_errors( true );
 
@@ -604 +610 @@
 
         libxml_use_internal_errors( $errors );
-        libxml_disable_entity_loader( $loader );
+
+        if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) {
+            // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
+            libxml_disable_entity_loader( $loader );
+        }
 
         return $return;