Ref: https://bugs.php.net/bug.php?id=62577 Signed-off-by: Joas Schilling <coding@schilljs.com>tags/v28.0.0beta1
@@ -588,6 +588,11 @@ class OC { | |||
} | |||
public static function init(): void { | |||
// prevent any XML processing from loading external entities | |||
libxml_set_external_entity_loader(static function () { | |||
return null; | |||
}); | |||
// calculate the root directories | |||
OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4)); | |||
@@ -31,7 +31,7 @@ namespace OC\App; | |||
use OCP\ICache; | |||
use function libxml_disable_entity_loader; | |||
use function simplexml_load_file; | |||
use function simplexml_load_string; | |||
class InfoParser { | |||
/** @var \OCP\ICache|null */ | |||
@@ -63,10 +63,10 @@ class InfoParser { | |||
libxml_use_internal_errors(true); | |||
if ((PHP_VERSION_ID < 80000)) { | |||
$loadEntities = libxml_disable_entity_loader(false); | |||
$xml = simplexml_load_file($file); | |||
$xml = simplexml_load_string(file_get_contents($file)); | |||
libxml_disable_entity_loader($loadEntities); | |||
} else { | |||
$xml = simplexml_load_file($file); | |||
$xml = simplexml_load_string(file_get_contents($file)); | |||
} | |||
if ($xml === false) { |
@@ -334,10 +334,10 @@ class Installer { | |||
// Check if appinfo/info.xml has the same app ID as well | |||
if ((PHP_VERSION_ID < 80000)) { | |||
$loadEntities = libxml_disable_entity_loader(false); | |||
$xml = simplexml_load_file($extractDir . '/' . $folders[0] . '/appinfo/info.xml'); | |||
$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml')); | |||
libxml_disable_entity_loader($loadEntities); | |||
} else { | |||
$xml = simplexml_load_file($extractDir . '/' . $folders[0] . '/appinfo/info.xml'); | |||
$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml')); | |||
} | |||
if ((string)$xml->id !== $appId) { | |||
throw new \Exception( |