Merge pull request #7656 from owncloud/xml-entityfixes

Disable XML entities when parsing XML
This commit is contained in:
Lukas Reschke 2014-03-10 19:52:04 +01:00
commit 58b18de90d
2 changed files with 14 additions and 4 deletions

View File

@ -72,7 +72,9 @@ class OC_OCSClient{
if($xml==false) {
return null;
}
$data=simplexml_load_string($xml);
$loadEntities = libxml_disable_entity_loader(true);
$data = simplexml_load_string($xml);
libxml_disable_entity_loader($loadEntities);
$tmp=$data->data;
$cats=array();
@ -117,7 +119,9 @@ class OC_OCSClient{
if($xml==false) {
return null;
}
$data=simplexml_load_string($xml);
$loadEntities = libxml_disable_entity_loader(true);
$data = simplexml_load_string($xml);
libxml_disable_entity_loader($loadEntities);
$tmp=$data->data->content;
for($i = 0; $i < count($tmp); $i++) {
@ -159,7 +163,9 @@ class OC_OCSClient{
OC_Log::write('core', 'Unable to parse OCS content', OC_Log::FATAL);
return null;
}
$data=simplexml_load_string($xml);
$loadEntities = libxml_disable_entity_loader(true);
$data = simplexml_load_string($xml);
libxml_disable_entity_loader($loadEntities);
$tmp=$data->data->content;
$app=array();
@ -200,7 +206,9 @@ class OC_OCSClient{
OC_Log::write('core', 'Unable to parse OCS content', OC_Log::FATAL);
return null;
}
$data=simplexml_load_string($xml);
$loadEntities = libxml_disable_entity_loader(true);
$data = simplexml_load_string($xml);
libxml_disable_entity_loader($loadEntities);
$tmp=$data->data->content;
$app=array();

View File

@ -76,7 +76,9 @@ class Updater extends BasicEmitter {
if ($xml == false) {
return array();
}
$loadEntities = libxml_disable_entity_loader(true);
$data = @simplexml_load_string($xml);
libxml_disable_entity_loader($loadEntities);
$tmp = array();
$tmp['version'] = $data->version;