disable libxml entity loader to prevent attacks via xml external entities (fixes #833)

2014-12-08 14:49:54 +03:00 · 2014-12-08 14:49:54 +03:00 · 584411fee6
parent 682c7c2911
commit 584411fee6
1 changed files with 2 additions and 0 deletions
--- a/include/functions.php
+++ b/include/functions.php
@ -14,6 +14,8 @@
 	$fetch_curl_used = false;
 	$suppress_debugging = false;

+	libxml_disable_entity_loader(true);
+
 	mb_internal_encoding("UTF-8");
 	date_default_timezone_set('UTC');
 	if (defined('E_DEPRECATED')) {