[MediaWiki-commits] [Gerrit] mediawiki...PageForms[master]: Secure call to DOMDocument::loadHTML()
jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/342439 )
Change subject: Secure call to DOMDocument::loadHTML()
..
Secure call to DOMDocument::loadHTML()
Bug: T159458
Change-Id: I2bc425a34ef5cbfb641b285dc155368cc8937129
---
M includes/PF_AutoeditAPI.php
1 file changed, 3 insertions(+), 1 deletion(-)
Approvals:
Yaron Koren: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/PF_AutoeditAPI.php b/includes/PF_AutoeditAPI.php
index f46ddc5..20de345 100644
--- a/includes/PF_AutoeditAPI.php
+++ b/includes/PF_AutoeditAPI.php
@@ -989,11 +989,13 @@
$data = array( );
$doc = new DOMDocument();
+ $oldVal = libxml_disable_entity_loader( true );
@$doc->loadHTML(
'http://www.w3.org/TR/REC-html40/loose.dtd;>'
. $html
. ''
);
+ libxml_disable_entity_loader( $oldVal );
// Process input tags.
$inputs = $doc->getElementsByTagName( 'input' );
@@ -1247,4 +1249,4 @@
return __CLASS__ . '-' . PF_VERSION . ($gitSha1 !== false) ? '
(' . substr( $gitSha1, 0, 7 ) . ')' : '';
}
-}
\ No newline at end of file
+}
--
To view, visit https://gerrit.wikimedia.org/r/342439
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2bc425a34ef5cbfb641b285dc155368cc8937129
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/PageForms
Gerrit-Branch: master
Gerrit-Owner: Harjotsingh
Gerrit-Reviewer: Yaron Koren
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] mediawiki...PageForms[master]: Secure call to DOMDocument::loadHTML()
Harjotsingh has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/342439 )
Change subject: Secure call to DOMDocument::loadHTML()
..
Secure call to DOMDocument::loadHTML()
Bug: T159458
Change-Id: I2bc425a34ef5cbfb641b285dc155368cc8937129
---
M includes/PF_AutoeditAPI.php
1 file changed, 3 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/PageForms
refs/changes/39/342439/1
diff --git a/includes/PF_AutoeditAPI.php b/includes/PF_AutoeditAPI.php
index f46ddc5..20de345 100644
--- a/includes/PF_AutoeditAPI.php
+++ b/includes/PF_AutoeditAPI.php
@@ -989,11 +989,13 @@
$data = array( );
$doc = new DOMDocument();
+ $oldVal = libxml_disable_entity_loader( true );
@$doc->loadHTML(
'http://www.w3.org/TR/REC-html40/loose.dtd;>'
. $html
. ''
);
+ libxml_disable_entity_loader( $oldVal );
// Process input tags.
$inputs = $doc->getElementsByTagName( 'input' );
@@ -1247,4 +1249,4 @@
return __CLASS__ . '-' . PF_VERSION . ($gitSha1 !== false) ? '
(' . substr( $gitSha1, 0, 7 ) . ')' : '';
}
-}
\ No newline at end of file
+}
--
To view, visit https://gerrit.wikimedia.org/r/342439
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2bc425a34ef5cbfb641b285dc155368cc8937129
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/PageForms
Gerrit-Branch: master
Gerrit-Owner: Harjotsingh
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
