author | Vincent Petry <pvince81@owncloud.com> | 2014-03-10 17:49:47 +0100 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2014-03-10 17:51:13 +0100 |
commit | f4f61f03c9d14eaa16a7a7fcd49f2086dfa56e92 (patch) | |
tree | e25548f8e6e1d047a17e245982ff0c074df9d76b | |
parent | 23eeb898a97933ebb61b5e325c8ab99a2e3c1596 (diff) | |
Disable XML entities when parsing XML
-rw-r--r-- | lib/private/ocsclient.php | 16 | ||||
-rw-r--r-- | lib/private/updater.php | 2 |
2 files changed, 14 insertions, 4 deletions
diff --git a/lib/private/ocsclient.php b/lib/private/ocsclient.php
index fa6e3fac1bb..68dc2c2d6ec 100644
--- a/lib/private/ocsclient.php
+++ b/lib/private/ocsclient.php
@@ -72,7 +72,9 @@ class OC_OCSClient{
 if($xml==false) {
 return null;
 }
- $data=simplexml_load_string($xml);
+ $loadEntities = libxml_disable_entity_loader(true);
+ $data = simplexml_load_string($xml);
+ libxml_disable_entity_loader($loadEntities);
 $tmp=$data->data;
 $cats=array();
@@ -117,7 +119,9 @@ class OC_OCSClient{
 if($xml==false) {
 return null;
 }
- $data=simplexml_load_string($xml);
+ $loadEntities = libxml_disable_entity_loader(true);
+ $data = simplexml_load_string($xml);
+ libxml_disable_entity_loader($loadEntities);
 $tmp=$data->data->content;
 for($i = 0; $i < count($tmp); $i++) {
@@ -159,7 +163,9 @@ class OC_OCSClient{
 OC_Log::write('core', 'Unable to parse OCS content', OC_Log::FATAL);
 return null;
 }
- $data=simplexml_load_string($xml);
+ $loadEntities = libxml_disable_entity_loader(true);
+ $data = simplexml_load_string($xml);
+ libxml_disable_entity_loader($loadEntities);
 $tmp=$data->data->content;
 $app=array();
@@ -200,7 +206,9 @@ class OC_OCSClient{
 OC_Log::write('core', 'Unable to parse OCS content', OC_Log::FATAL);
 return null;
 }
- $data=simplexml_load_string($xml);
+ $loadEntities = libxml_disable_entity_loader(true);
+ $data = simplexml_load_string($xml);
+ libxml_disable_entity_loader($loadEntities);
 $tmp=$data->data->content;
 $app=array();
diff --git a/lib/private/updater.php b/lib/private/updater.php
index f05d5038b76..292752067bf 100644
--- a/lib/private/updater.php
+++ b/lib/private/updater.php
@@ -76,7 +76,9 @@ class Updater extends BasicEmitter {
 if ($xml == false) {
 return array();
 }
+ $loadEntities = libxml_disable_entity_loader(true);
 $data = @simplexml_load_string($xml);
+ libxml_disable_entity_loader($loadEntities);
 $tmp = array();
 $tmp['version'] = $data->version; |
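Review bot: In the first ocsclient.php hunk (@@ -72,7 +72,9 @@) the result of `simplexml_load_string($xml)` is still read unchecked on the next line (`$tmp=$data->data;`), so a response that fails to parse leaves `$data` as `false` and the property access happens on a non-object. The same holds for the hunks at -117, -159 and -200, which go straight to `$data->data->content`. Because the disable/parse/restore triple now appears four times in this file and once more in updater.php, a single helper that also rejects a failed parse would keep the restore step and the check from drifting apart in later copies. The enclosing methods start and end outside the hunks, so whether they are static is not visible here; the sketch below assumes a class-level helper.

```php
// proposed helper inside OC_OCSClient (the name is a suggestion)
private static function parseXml($xml) {
    // Refuse external entities for this parse only, then restore the caller's setting.
    $loadEntities = libxml_disable_entity_loader(true);
    $data = simplexml_load_string($xml);
    libxml_disable_entity_loader($loadEntities);
    return $data === false ? null : $data;
}

// call site, replacing the three added lines
$data = self::parseXml($xml);
if ($data === null) {
    return null;
}
// … unchanged: $tmp=$data->data; and the rest of the method …
```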
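Review bot: Nothing in the lines added at @@ -117,7 +119,9 @@ (or in the identical hunks at -72, -159, -200 and in updater.php) records why the entity loader is toggled around the parse, which makes the save/restore pair easy to drop in a later edit. A comment such as `// XXE hardening: refuse external entities while parsing the fetched response; restore the previous value because the setting is not scoped to this call` would state the intent. It would also be worth noting next to it that `libxml_disable_entity_loader()` is deprecated from PHP 8.0, where libxml 2.9 and later no longer load external entities unless `LIBXML_NOENT` is passed, so these call sites will need a version guard when the code base moves there.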
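Review bot: In the updater.php hunk (@@ -76,7 +76,9 @@) the `@` on `simplexml_load_string($xml)` hides the parse warning and `$data` is then read unchecked at `$tmp['version'] = $data->version;`, so a malformed update response is handled silently as if it were an object. Returning early in the same way as the `$xml == false` branch above would make the failure explicit: `if ($data === false) { return array(); }` placed right after the restore call. Logging the failure instead of suppressing it would also leave a trace when the update feed (presumably fetched from a remote server) returns something unexpected. The enclosing method starts and ends outside the hunk.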