Disable XML entities when parsing XML

author: Vincent Petry <pvince81@owncloud.com> 2014-03-10 17:49:47 +0100
committer: Vincent Petry <pvince81@owncloud.com> 2014-03-10 17:51:13 +0100
commit: f4f61f03c9d14eaa16a7a7fcd49f2086dfa56e92 (patch)
tree: e25548f8e6e1d047a17e245982ff0c074df9d76b /lib/private/updater.php
parent: 23eeb898a97933ebb61b5e325c8ab99a2e3c1596 (diff)
download: nextcloud-server-f4f61f03c9d14eaa16a7a7fcd49f2086dfa56e92.tar.gz
nextcloud-server-f4f61f03c9d14eaa16a7a7fcd49f2086dfa56e92.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/private/updater.php b/lib/private/updater.php
index f05d5038b76..292752067bf 100644
--- a/lib/private/updater.php
+++ b/lib/private/updater.php
@@ -76,7 +76,9 @@ class Updater extends BasicEmitter {
 		if ($xml == false) {
 			return array();
 		}
+		$loadEntities = libxml_disable_entity_loader(true);
 		$data = @simplexml_load_string($xml);
+		libxml_disable_entity_loader($loadEntities);
 
 		$tmp = array();
 		$tmp['version'] = $data->version;
author	Vincent Petry <pvince81@owncloud.com>	2014-03-10 17:49:47 +0100
committer	Vincent Petry <pvince81@owncloud.com>	2014-03-10 17:51:13 +0100
commit	f4f61f03c9d14eaa16a7a7fcd49f2086dfa56e92 (patch)
tree	e25548f8e6e1d047a17e245982ff0c074df9d76b /lib/private/updater.php
parent	23eeb898a97933ebb61b5e325c8ab99a2e3c1596 (diff)
download	nextcloud-server-f4f61f03c9d14eaa16a7a7fcd49f2086dfa56e92.tar.gz nextcloud-server-f4f61f03c9d14eaa16a7a7fcd49f2086dfa56e92.zip