WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Better sanity checks in oEmbed XML handling. see [23158]. 

git-svn-id: http://core.svn.wordpress.org/trunk@24470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2013-06-21 03:29:13 +00:00
parent 2e6372a4a7
commit 274d09b342
1 changed files with 11 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
wp-includes/class-oembed.php
View File

@ -224,35 +224,24 @@ class WP_oEmbed {
if ( !function_exists('simplexml_load_string') ) {
return false;
}
if ( ! class_exists( 'DOMDocument' ) )
if ( ! function_exists( 'libxml_disable_entity_loader' ) )
return false;
$loader = libxml_disable_entity_loader( true );
$errors = libxml_use_internal_errors( true );
$old_value = null;
if ( function_exists( 'libxml_disable_entity_loader' ) ) {
$old_value = libxml_disable_entity_loader( true );
}
$dom = new DOMDocument;
$success = $dom->loadXML( $response_body );
if ( ! is_null( $old_value ) ) {
libxml_disable_entity_loader( $old_value );
}
$data = simplexml_load_string( $response_body );
libxml_use_internal_errors( $errors );
if ( ! $success || isset( $dom->doctype ) ) {
return false;
$return = false;
if ( is_object( $data ) ) {
$return = new stdClass;
foreach ( $data as $key => $value ) {
$return->$key = (string) $value;
}
}
$data = simplexml_import_dom( $dom );
if ( ! is_object( $data ) )
return false;
$return = new stdClass;
foreach ( $data as $key => $value )
$return->$key = (string) $value;
libxml_disable_entity_loader( $loader );
return $return;
}