Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix libxml_disable_entity_loader(true) must be called only if LIBXML is

Browse Source 
lower than 20900 (disabled by default for libxml 2.9.0)
This commit is contained in:
Laurent Destailleur
2023-12-29 17:55:09 +01:00
parent ef312e960c
commit ab3737e569
7 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/core/lib/functions.lib.php
View File

@@ -7613,7 +7613,11 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
if (!empty($out) && getDolGlobalString('MAIN_RESTRICTHTML_ONLY_VALID_HTML') && $check != 'restricthtmlallowunvalid') {
try {
libxml_use_internal_errors(false); // Avoid to fill memory with xml errors
libxml_disable_entity_loader(true); // Avoid load of external entities (security problem). Required only if LIBXML_VERSION < 20900
if (LIBXML_VERSION < 20900) {
// Avoid load of external entities (security problem).
// Required only if LIBXML_VERSION < 20900
libxml_disable_entity_loader(true);
}
$dom = new DOMDocument();
// Add a trick to solve pb with text without parent tag