Changeset 50715
- Timestamp:
- 04/14/2021 11:14:25 PM (4 years ago)
- Location:
- branches/5.7
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/5.7
-
branches/5.7/src/wp-includes/ID3/getid3.lib.php
r49621 r50715 721 721 public static function XML2array($XMLstring) { 722 722 if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) { 723 if (PHP_VERSION_ID < 80000) { 724 // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html 725 // https://core.trac.wordpress.org/changeset/29378 726 // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is 727 // disabled by default, so this function is no longer needed to protect against XXE attacks. 728 $loader = libxml_disable_entity_loader(true); 729 } 723 // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html 724 // https://core.trac.wordpress.org/changeset/29378 725 // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is 726 // disabled by default, but is still needed when LIBXML_NOENT is used. 727 $loader = @libxml_disable_entity_loader(true); 730 728 $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', LIBXML_NOENT); 731 729 $return = self::SimpleXMLelement2array($XMLobject); 732 if (PHP_VERSION_ID < 80000 && isset($loader)) { 733 libxml_disable_entity_loader($loader); 734 } 730 @libxml_disable_entity_loader($loader); 735 731 return $return; 736 732 }
Note: See TracChangeset
for help on using the changeset viewer.