#50898 closed defect (bug) (fixed)
PHP 8.0: only call libxml_disable_entity_loader() in PHP < 8
Reported by: | jrf | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 5.6 | Priority: | normal |
Severity: | minor | Version: | |
Component: | Embeds | Keywords: | has-patch php8 commit has-dev-note |
Focuses: | coding-standards | Cc: |
Description
As per the PHP 8.0 changelog:
libxml_disable_entity_loader()
has been deprecated. As libxml 2.9.0 is now
required, external entity loading is guaranteed to be disabled by default,
and this function is no longer needed to protect against XXE attacks.
Source: https://github.com/php/php-src/blob/71bfa5344ab207072f4cd25745d7023096338385/UPGRADING#L808-L811
Calling the function conditionally will prevent deprecation warnings.
The function is also used in GetID3 - a PR to the same effect as this PR has been pulled & merged and is expected to be included in the next GetID3 release.
Attachments (3)
Change History (14)
This ticket was mentioned in PR #468 on WordPress/wordpress-develop by jrfnl.
4 years ago
#1
#2
@
4 years ago
- Milestone changed from Awaiting Review to 5.6
- Owner set to SergeyBiryukov
- Status changed from new to reviewing
#5
@
4 years ago
- Keywords needs-dev-note added
Adding needs-dev-note
to call out in the PHP 8 dev note.
#6
@
4 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
It looks like the needed getID3 changes have yet to make their way into a tagged release and still need to be ported over to WordPress.
50898-getid3.diff makes the related change for 5.6, and will be included in the next versioned update when available.
#7
@
4 years ago
Sorry for the noise! 50898-getid3.2.diff fixes an issue applying the diff I did not catch initially.
This ticket was mentioned in Slack in #core by desrosj. View the logs.
4 years ago
#9
@
4 years ago
- Keywords commit added
@desrosj Reviewing the patch 50898-getid3.2.diff, it looks good. It matches the combination of https://github.com/JamesHeinrich/getID3/pull/260 and https://github.com/JamesHeinrich/getID3/pull/261. Ship it!
#11
@
4 years ago
- Keywords has-dev-note added; needs-dev-note removed
Dev note published: https://make.wordpress.org/core/2020/11/23/wordpress-and-php-8-0/
As per the PHP 8.0 changelog:
Source: https://github.com/php/php-src/blob/71bfa5344ab207072f4cd25745d7023096338385/UPGRADING#L808-L811
Calling the function conditionally will prevent deprecation warnings.
Trac ticket: https://core.trac.wordpress.org/ticket/50898