Changeset 49621
- Timestamp:
- 11/17/2020 12:58:33 AM (4 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/ID3/getid3.lib.php
r48278 r49621 721 721 public static function XML2array($XMLstring) { 722 722 if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) { 723 // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html 724 // https://core.trac.wordpress.org/changeset/29378 725 $loader = libxml_disable_entity_loader(true); 723 if (PHP_VERSION_ID < 80000) { 724 // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html 725 // https://core.trac.wordpress.org/changeset/29378 726 // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is 727 // disabled by default, so this function is no longer needed to protect against XXE attacks. 728 $loader = libxml_disable_entity_loader(true); 729 } 726 730 $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', LIBXML_NOENT); 727 731 $return = self::SimpleXMLelement2array($XMLobject); 728 libxml_disable_entity_loader($loader); 732 if (PHP_VERSION_ID < 80000 && isset($loader)) { 733 libxml_disable_entity_loader($loader); 734 } 729 735 return $return; 730 736 }
Note: See TracChangeset
for help on using the changeset viewer.