author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-07-20 12:36:42 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-20 12:36:42 +0200 |
commit | feca3449fadcf14d3d9afe41c216433c44f50da6 (patch) | |
tree | e83b152b661d36dd2b17e7562366902d8dcc2165 | |
parent | 04d19fb1d7a7fe1937c2a68e948c715d346c1a17 (diff) | |
parent | 227497705e03758fef0816b55d841d47044a4f37 (diff) | |
Merge pull request #39491 from nextcloud/backport/39490/stable27
[stable27] fix(apps): Fix loading info.xml file
-rw-r--r-- | lib/base.php | 5 | ||||
-rw-r--r-- | lib/private/App/InfoParser.php | 6 | ||||
-rw-r--r-- | lib/private/Installer.php | 4 |
3 files changed, 10 insertions, 5 deletions
diff --git a/lib/base.php b/lib/base.php
index 09ec5be441b..ed62494ab30 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -588,6 +588,11 @@ class OC {
 }
 public static function init(): void {
+ // prevent any XML processing from loading external entities
+ libxml_set_external_entity_loader(static function () {
+ return null;
+ });
+
 // calculate the root directories
 OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4));
diff --git a/lib/private/App/InfoParser.php b/lib/private/App/InfoParser.php
index c0f69e615bd..79d051fd2a1 100644
--- a/lib/private/App/InfoParser.php
+++ b/lib/private/App/InfoParser.php
@@ -31,7 +31,7 @@ namespace OC\App;
 use OCP\ICache;
 use function libxml_disable_entity_loader;
-use function simplexml_load_file;
+use function simplexml_load_string;
 class InfoParser {
 /** @var \OCP\ICache|null */
@@ -63,10 +63,10 @@ class InfoParser {
 libxml_use_internal_errors(true);
 if ((PHP_VERSION_ID < 80000)) {
 $loadEntities = libxml_disable_entity_loader(false);
- $xml = simplexml_load_file($file);
+ $xml = simplexml_load_string(file_get_contents($file));
 libxml_disable_entity_loader($loadEntities);
 } else {
- $xml = simplexml_load_file($file);
+ $xml = simplexml_load_string(file_get_contents($file));
 }
 if ($xml === false) {
diff --git a/lib/private/Installer.php b/lib/private/Installer.php
index 43c3db7c3fd..0458c14da8a 100644
--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
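Review bot: The comment on the new `libxml_set_external_entity_loader()` call in `OC::init()` understates what the callback does: it returns `null` for every resource libxml asks it to resolve, not only for entities declared inside a document. Judging by the other hunks of this commit, that presumably includes the document itself when it is opened by path, so any remaining `simplexml_load_file()` or `DOMDocument::load()` caller would get `false` once this runs. I would extend the comment to something like `// libxml resolves every file/URL through this loader, so path-based loading (simplexml_load_file, DOMDocument::load) fails from here on; read the file and parse the string instead`. The loader is process-wide and a later call can replace it, which nothing visible here prevents; `init()` continues outside the hunk.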
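Review bot: In the `PHP_VERSION_ID < 80000` branch of the second `InfoParser.php` hunk, `libxml_disable_entity_loader(false)` still switches entity loading on around the parse, which looks like a leftover from `simplexml_load_file()` needing the loader to open the file. With `simplexml_load_string()` the document is already in memory, so the toggle appears unnecessary and leaves PHP 7 relying solely on the global loader set in `lib/base.php`. Both branches now make the same call, so the whole `if`/`else` could collapse to `$xml = simplexml_load_string(file_get_contents($file));`, leaving the entity loader setting untouched. The same pattern is in the `lib/private/Installer.php` hunk. The enclosing method starts and ends outside the hunk.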
@@ -333,10 +333,10 @@ class Installer {
 // Check if appinfo/info.xml has the same app ID as well
 if ((PHP_VERSION_ID < 80000)) {
 $loadEntities = libxml_disable_entity_loader(false);
- $xml = simplexml_load_file($extractDir . '/' . $folders[0] . '/appinfo/info.xml');
+ $xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
 libxml_disable_entity_loader($loadEntities);
 } else {
- $xml = simplexml_load_file($extractDir . '/' . $folders[0] . '/appinfo/info.xml');
+ $xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
 }
 if ((string)$xml->id !== $appId) {
 throw new \Exception( |
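Review bot: `file_get_contents()` returns `false` when the extracted archive has no readable `appinfo/info.xml`, and that value goes straight into `simplexml_load_string()`; the result is then dereferenced in `(string)$xml->id` with no `$xml === false` check, unlike the `InfoParser.php` hunk. A missing or malformed file would presumably surface as the app-ID mismatch exception (or as a `TypeError` if this file declares strict types, which is not visible here) rather than as a clear parse error. I would reject the failure before comparing IDs, e.g. `if ($xml === false) { throw new \Exception('Could not parse appinfo/info.xml'); }`. The enclosing method starts and ends outside the hunk.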