Disable XML entities when parsing XML

author Vincent Petry <pvince81@owncloud.com>

Mon, 10 Mar 2014 16:49:47 +0000 (17:49 +0100)

committer Vincent Petry <pvince81@owncloud.com>

Mon, 10 Mar 2014 16:51:13 +0000 (17:51 +0100)
author Vincent Petry <pvince81@owncloud.com>
Mon, 10 Mar 2014 16:49:47 +0000 (17:49 +0100)
committer Vincent Petry <pvince81@owncloud.com>
Mon, 10 Mar 2014 16:51:13 +0000 (17:51 +0100)
diff --git a/lib/private/ocsclient.php b/lib/private/ocsclient.php

index fa6e3fac1bb354aadb7701cbc49ec46d44a1fa55..68dc2c2d6ec6554cb920057c577660d85a0f6866 100644 (file)
--- a/lib/private/ocsclient.php
+++ b/lib/private/ocsclient.php
@@ -72,7 +72,9 @@ class OC_OCSClient{
                 if($xml==false) {
                         return null;
                 }
-               $data=simplexml_load_string($xml);
+               $loadEntities = libxml_disable_entity_loader(true);
+               $data = simplexml_load_string($xml);
+               libxml_disable_entity_loader($loadEntities);
  
                 $tmp=$data->data;
                 $cats=array();
@@ -117,7 +119,9 @@ class OC_OCSClient{
                 if($xml==false) {
                         return null;
                 }
-               $data=simplexml_load_string($xml);
+               $loadEntities = libxml_disable_entity_loader(true);
+               $data = simplexml_load_string($xml);
+               libxml_disable_entity_loader($loadEntities);
  
                 $tmp=$data->data->content;
                 for($i = 0; $i < count($tmp); $i++) {
@@ -159,7 +163,9 @@ class OC_OCSClient{
                         OC_Log::write('core', 'Unable to parse OCS content', OC_Log::FATAL);
                         return null;
                 }
-               $data=simplexml_load_string($xml);
+               $loadEntities = libxml_disable_entity_loader(true);
+               $data = simplexml_load_string($xml);
+               libxml_disable_entity_loader($loadEntities);
  
                 $tmp=$data->data->content;
                 $app=array();
@@ -200,7 +206,9 @@ class OC_OCSClient{
                         OC_Log::write('core', 'Unable to parse OCS content', OC_Log::FATAL);
                         return null;
                 }
-               $data=simplexml_load_string($xml);
+               $loadEntities = libxml_disable_entity_loader(true);
+               $data = simplexml_load_string($xml);
+               libxml_disable_entity_loader($loadEntities);
  
                 $tmp=$data->data->content;
                 $app=array();
diff --git a/lib/private/updater.php b/lib/private/updater.php

index f05d5038b7629ca698c8df5a094bf69ef5a8bb44..292752067bf030d6b531b08cccc322523696ea0a 100644 (file)
--- a/lib/private/updater.php
+++ b/lib/private/updater.php
@@ -76,7 +76,9 @@ class Updater extends BasicEmitter {
                 if ($xml == false) {
                         return array();
                 }
+               $loadEntities = libxml_disable_entity_loader(true);
                 $data = @simplexml_load_string($xml);
+               libxml_disable_entity_loader($loadEntities);
  
                 $tmp = array();
                 $tmp['version'] = $data->version;
author	Vincent Petry <pvince81@owncloud.com>
	Mon, 10 Mar 2014 16:49:47 +0000 (17:49 +0100)
committer	Vincent Petry <pvince81@owncloud.com>
	Mon, 10 Mar 2014 16:51:13 +0000 (17:51 +0100)
lib/private/ocsclient.php		patch \| blob \| history
lib/private/updater.php		patch \| blob \| history