When libxmlloader options are the default values, disable the entity loader as well. CVE-2014-2054 by MITRE

Maarten Balliauw 2014-02-21 11:06:44 +01:00
parent 1dad681142
commit fdc4532bc7


@ -366,6 +366,7 @@ class PHPExcel_Settings
if (is_null($options)) { if (is_null($options)) {
$options = LIBXML_DTDLOAD | LIBXML_DTDATTR; $options = LIBXML_DTDLOAD | LIBXML_DTDATTR;
} }
@libxml_disable_entity_loader($options == (LIBXML_DTDLOAD | LIBXML_DTDATTR));
self::$_libXmlLoaderOptions = $options; self::$_libXmlLoaderOptions = $options;
} // function setLibXmlLoaderOptions } // function setLibXmlLoaderOptions
@ -378,7 +379,7 @@ class PHPExcel_Settings
public static function getLibXmlLoaderOptions() public static function getLibXmlLoaderOptions()
{ {
if (is_null(self::$_libXmlLoaderOptions)) { if (is_null(self::$_libXmlLoaderOptions)) {
self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR; self::setLibXmlLoaderOptions(LIBXML_DTDLOAD | LIBXML_DTDATTR);
} }
return self::$_libXmlLoaderOptions; return self::$_libXmlLoaderOptions;
} // function getLibXmlLoaderOptions } // function getLibXmlLoaderOptions
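Review bot: In setLibXmlLoaderOptions() (its signature is outside the hunk) the added line passes the comparison result straight to `libxml_disable_entity_loader()`, so any option value other than the exact default calls it with `false` and switches external entity loading back on, even where the host application had already disabled it. That switch applies to every libxml consumer in the request, not only PHPExcel, and the previous state the function returns is discarded. Consider only ever tightening it here, e.g. `if ($options == (LIBXML_DTDLOAD | LIBXML_DTDATTR)) { @libxml_disable_entity_loader(true); }`, and adding a docblock line saying that callers who pass their own options become responsible for entity handling. The `@` also hides a failed call, so the protection can be absent without any signal. In the second hunk the default now goes through the setter, so the loader is disabled only once getLibXmlLoaderOptions() has run; any reader that parses XML without calling it (none are visible here) would presumably stay uncovered.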