sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Better sanity checks in oEmbed XML handling. see [23158]. 

git-svn-id: https://develop.svn.wordpress.org/trunk@24470 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2013-06-21 03:29:13 +00:00
parent 3c3b517e07
commit fbc7ae43c8
1 changed files with 11 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
wp-includes/class-oembed.php
View File

@ -224,35 +224,24 @@ class WP_oEmbed {
if ( !function_exists('simplexml_load_string') ) {
return false;
}
if ( ! class_exists( 'DOMDocument' ) )
if ( ! function_exists( 'libxml_disable_entity_loader' ) )
return false;
$loader = libxml_disable_entity_loader( true );
$errors = libxml_use_internal_errors( true );
$old_value = null;
if ( function_exists( 'libxml_disable_entity_loader' ) ) {
$old_value = libxml_disable_entity_loader( true );
}
$dom = new DOMDocument;
$success = $dom->loadXML( $response_body );
if ( ! is_null( $old_value ) ) {
libxml_disable_entity_loader( $old_value );
}
$data = simplexml_load_string( $response_body );
libxml_use_internal_errors( $errors );
if ( ! $success || isset( $dom->doctype ) ) {
return false;
$return = false;
if ( is_object( $data ) ) {
$return = new stdClass;
foreach ( $data as $key => $value ) {
$return->$key = (string) $value;
}
}
$data = simplexml_import_dom( $dom );
if ( ! is_object( $data ) )
return false;
$return = new stdClass;
foreach ( $data as $key => $value )
$return->$key = (string) $value;
libxml_disable_entity_loader( $loader );
return $return;
}