mirror of
https://github.com/retailcrm/PHPExcel.git
synced 2024-11-23 05:46:06 +03:00
AS we're using simpleXML for xml reading still, we need to use libxml_disable_entity_loader(true); for XXE security patch
This commit is contained in:
parent
98205e5ec7
commit
1abf061df3
@ -377,6 +377,7 @@ class PHPExcel_Settings
|
|||||||
*/
|
*/
|
||||||
public static function getLibXmlLoaderOptions()
|
public static function getLibXmlLoaderOptions()
|
||||||
{
|
{
|
||||||
|
libxml_disable_entity_loader(true);
|
||||||
if (is_null(self::$_libXmlLoaderOptions)) {
|
if (is_null(self::$_libXmlLoaderOptions)) {
|
||||||
self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR;
|
self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user