Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-09 10:32:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix libxml_disable_entity_loader(true) must be called only if LIBXML is

Browse Source 
lower than 20900 (disabled by default for libxml 2.9.0)
This commit is contained in:
Laurent Destailleur
2023-12-29 17:55:09 +01:00
parent ef312e960c
commit ab3737e569
7 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/api/class/api_setup.class.php
View File

@@ -2052,6 +2052,12 @@ class Setup extends DolibarrApi
throw new RestException(500, $langs->trans("ErrorURLMustEndWith", $xmlremote, '.xml'));
}
if (LIBXML_VERSION < 20900) {
// Avoid load of external entities (security problem).
// Required only if LIBXML_VERSION < 20900
libxml_disable_entity_loader(true);
}
if ($target == 'local') {
if (dol_is_file($xmlfile)) {
$xml = simplexml_load_file($xmlfile);