Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/180568
Change subject: SECURITY: Disable entity loader in getid3 library ...................................................................... SECURITY: Disable entity loader in getid3 library This is adapted from the patches: * https://core.trac.wordpress.org/changeset/29378 * https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc Bug: 69209 Change-Id: Ie0ea9b39be6e22194d6b7298a7636db1292426bc --- M libs/getid3/getid3.lib.php 1 file changed, 9 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TimedMediaHandler refs/changes/68/180568/1
diff --git a/libs/getid3/getid3.lib.php b/libs/getid3/getid3.lib.php
index 08c3067..16d5318 100644
--- a/libs/getid3/getid3.lib.php
+++ b/libs/getid3/getid3.lib.php
@@ -519,11 +519,15 @@
 }
 public static function XML2array($XMLstring) {
- if (function_exists('simplexml_load_string')) {
- if (function_exists('get_object_vars')) {
- $XMLobject = simplexml_load_string($XMLstring);
- return self::SimpleXMLelement2array($XMLobject);
- }
+ if (function_exists('simplexml_load_string')
+ && function_exists('get_object_vars')
+ && function_exists('libxml_disable_entity_loader')
+ ) {
+ $loader = libxml_disable_entity_loader(true);
+ $XMLobject = simplexml_load_string($XMLstring);
+ $return = self::SimpleXMLelement2array($XMLobject);
+ libxml_disable_entity_loader($loader);
+ return $return;
 }
 return false;
 }
-- To view, visit https://gerrit.wikimedia.org/r/180568 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie0ea9b39be6e22194d6b7298a7636db1292426bc Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/TimedMediaHandler Gerrit-Branch: master Gerrit-Owner: Mglaser <[email protected]> Gerrit-Reviewer: CSteipp <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
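Review bot: The previous entity-loader state is restored only on the normal path in `XML2array`: if `simplexml_load_string()` or `self::SimpleXMLelement2array()` throws (for example under an error handler that converts warnings to exceptions), `libxml_disable_entity_loader($loader)` is never reached and the setting stays changed for whatever XML code runs later in the same request. Wrapping the parse in `try`/`finally` keeps the save-and-restore pair balanced, provided the minimum supported PHP version has `finally`; otherwise a catch-and-rethrow does the same. The new `function_exists('libxml_disable_entity_loader')` condition also makes the method return `false` on builds without that function, which fails closed but deserves a one-line comment such as `// Refuse to parse when external entity loading cannot be disabled (XXE).` `SimpleXMLelement2array` is defined outside the hunk, so whether it can throw is not visible here.

```php
// … unchanged: function_exists() guard …
	$loader = libxml_disable_entity_loader(true);
	try {
		$XMLobject = simplexml_load_string($XMLstring);
		return self::SimpleXMLelement2array($XMLobject);
	} finally {
		// Restore the caller's setting on every exit path, including exceptions.
		libxml_disable_entity_loader($loader);
	}
```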
