Code Modernization: Only call `libxml_disable_entity_loader()` in PHP < 8.
This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is disabled by default, so this function is no longer needed to protect against XXE attacks. This change fixes an instance of `libxml_disable_entity_loader()` within the getID3 library that has not yet been included in a tagged release for the library. Props jrf, hellofromtonya. Fixes #50898. Built from https://develop.svn.wordpress.org/trunk@49621 git-svn-id: http://core.svn.wordpress.org/trunk@49359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
85b28a939f
commit
03eba7beb2
|
@ -720,12 +720,18 @@ class getid3_lib
|
|||
*/
|
||||
public static function XML2array($XMLstring) {
|
||||
if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) {
|
||||
// http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
|
||||
// https://core.trac.wordpress.org/changeset/29378
|
||||
$loader = libxml_disable_entity_loader(true);
|
||||
if (PHP_VERSION_ID < 80000) {
|
||||
// http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
|
||||
// https://core.trac.wordpress.org/changeset/29378
|
||||
// This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is
|
||||
// disabled by default, so this function is no longer needed to protect against XXE attacks.
|
||||
$loader = libxml_disable_entity_loader(true);
|
||||
}
|
||||
$XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', LIBXML_NOENT);
|
||||
$return = self::SimpleXMLelement2array($XMLobject);
|
||||
libxml_disable_entity_loader($loader);
|
||||
if (PHP_VERSION_ID < 80000 && isset($loader)) {
|
||||
libxml_disable_entity_loader($loader);
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
return false;
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.6-beta4-49620';
|
||||
$wp_version = '5.6-beta4-49621';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
Loading…
Reference in New Issue