From 301284fd7fe307c1cd4d3276bddd1210ff2767cc Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Mon, 10 Dec 2012 22:23:03 +0000
Subject: [PATCH] Sanity checks in oEmbed XML handling.

git-svn-id: https://develop.svn.wordpress.org/trunk@23158 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/class-oembed.php | 42 +++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/wp-includes/class-oembed.php b/wp-includes/class-oembed.php
index 03e32d8ed0..a3eab801a1 100644
--- a/wp-includes/class-oembed.php
+++ b/wp-includes/class-oembed.php
@@ -216,20 +216,36 @@ class WP_oEmbed {
 * @access private
 */
 function _parse_xml( $response_body ) {
- if ( function_exists('simplexml_load_string') ) {
- $errors = libxml_use_internal_errors( 'true' );
- $data = simplexml_load_string( $response_body );
- libxml_use_internal_errors( $errors );
- if ( ! is_object( $data ) )
- return false;
-
- $return = new stdClass;
- foreach ( $data as $key => $value )
- $return->$key = (string) $value;
-
- return $return;
+ if ( !function_exists('simplexml_load_string') ) {
+ return false;
 }
- return false;
+
+ $errors = libxml_use_internal_errors( true );
+ $old_value = null;
+ if ( function_exists( 'libxml_disable_entity_loader' ) ) {
+ $old_value = libxml_disable_entity_loader( true );
+ }
+
+ $dom = new DOMDocument;
+ $success = $dom->loadXML( $response_body );
+
+ if ( ! is_null( $old_value ) ) {
+ libxml_disable_entity_loader( $old_value );
+ }
+ libxml_use_internal_errors( $errors );
+
+ if ( ! $success || isset( $dom->doctype ) ) {
+ return false;
+ }
+
+ $data = simplexml_import_dom( $dom );
+ if ( ! is_object( $data ) )
+ return false;
+
+ $return = new stdClass;
+ foreach ( $data as $key => $value )
+ $return->$key = (string) $value;
+ return $return;
 }
 
 /**
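Review bot: The libxml error buffer is left populated after a rejected body: `libxml_use_internal_errors( true )` captures parser errors from `$dom->loadXML( $response_body )`, but nothing calls `libxml_clear_errors()` before the previous setting is restored, so errors from a malformed or rejected oEmbed response accumulate in the process-wide buffer and are visible to the next libxml caller. Adding `libxml_clear_errors();` immediately before `libxml_use_internal_errors( $errors );` keeps the failure contained to this function. An empty `$response_body` is also unguarded, and `DOMDocument::loadXML()` does not treat an empty string as an ordinary parse failure (a PHP warning on older releases, an error on newer ones), so a cheap `if ( '' === $response_body ) { return false; }` ahead of the parse avoids that path. The DOCTYPE rejection combined with the disabled entity loader is the right shape for untrusted XML; passing `LIBXML_NONET` to `loadXML()` as well would state the no-network intent explicitly rather than relying only on the loader toggle, which is only applied when the function exists.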