sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Code Modernization: Only call `libxml_disable_entity_loader()` in PHP < 8. 

This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is disabled by default, so this function is no longer needed to protect against XXE attacks.

Props jrf.
Fixes #50898.

git-svn-id: https://develop.svn.wordpress.org/trunk@48789 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2020-08-12 15:23:47 +00:00
parent 1bf0a780b3
commit ab9aee8af4
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/wp-includes/class-wp-oembed.php
View File

@ -597,13 +597,23 @@ class WP_oEmbed {
return false; return false;
} }
$loader = libxml_disable_entity_loader( true ); if ( PHP_VERSION_ID < 80000 ) {
// This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading
// is disabled by default, so this function is no longer needed to protect against XXE attacks.
// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
$loader = libxml_disable_entity_loader( true );
}
$errors = libxml_use_internal_errors( true ); $errors = libxml_use_internal_errors( true );
$return = $this->_parse_xml_body( $response_body ); $return = $this->_parse_xml_body( $response_body );
libxml_use_internal_errors( $errors ); libxml_use_internal_errors( $errors );
libxml_disable_entity_loader( $loader );
if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) {
// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
libxml_disable_entity_loader( $loader );
}
return $return; return $return;
} }