mirror of
https://github.com/retailcrm/PHPExcel.git
synced 2024-11-22 21:36:05 +03:00
AS we're using simpleXML for xml reading still, we need to use libxml_disable_entity_loader(true); for XXE security patch
This commit is contained in:
parent
98205e5ec7
commit
1abf061df3
@ -377,6 +377,7 @@ class PHPExcel_Settings
|
||||
*/
|
||||
public static function getLibXmlLoaderOptions()
|
||||
{
|
||||
libxml_disable_entity_loader(true);
|
||||
if (is_null(self::$_libXmlLoaderOptions)) {
|
||||
self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user