AS we're using simpleXML for xml reading still, we need to use libxml_disable_entity_loader(true); for XXE security patch

This commit is contained in:
Mark Baker 2014-02-21 10:01:44 +00:00
parent 98205e5ec7
commit 1abf061df3

View File

@ -377,6 +377,7 @@ class PHPExcel_Settings
*/ */
public static function getLibXmlLoaderOptions() public static function getLibXmlLoaderOptions()
{ {
libxml_disable_entity_loader(true);
if (is_null(self::$_libXmlLoaderOptions)) { if (is_null(self::$_libXmlLoaderOptions)) {
self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR; self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR;
} }