https://bugzilla.wikimedia.org/show_bug.cgi?id=31719
Tim Starling <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |[email protected]
         Resolution|                            |FIXED

--- Comment #7 from Tim Starling <[email protected]> 2012-01-02 03:17:00 UTC ---
(In reply to comment #4)
> Actually, to fix this, you set
>
> XMLReader::setParserProperty(XMLReader::SUBST_ENTITIES, true)
>
> Problem is however that this opens you up to entity expansion xmlbombs. I'm not
> sure if XmlReader sets safe limits to prevent this, and where or how those
> limits are set.

We can use XMLReader::SUBST_ENTITIES, libxml2 does limit it. Recursive entity
declarations generate an error "Detected an entity reference loop", and there
are some heuristics in xmlParserEntityCheck() that look like they are intended
to protect against some more obscure cases.

Committed in r107793.
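
A way to check the behaviour described in comment #7 on your own PHP/libxml2 build, as an added example that is not part of the original message or of r107793. The function name parseWithEntities() and both sample documents are constructed for illustration.

```php
<?php
// Added example: parseWithEntities() and the sample documents are constructed here.

function parseWithEntities(string $xml): array
{
    // Collect libxml2 errors in a buffer instead of emitting them as PHP warnings.
    libxml_use_internal_errors(true);
    libxml_clear_errors();

    $reader = new XMLReader();
    $reader->XML($xml);
    // Must be set after XML()/open() and before the first read().
    $reader->setParserProperty(XMLReader::SUBST_ENTITIES, true);

    $text = '';
    // read() raises its own PHP warning when the parser fails; @ silences it
    // because the underlying libxml2 message is collected below.
    while (@$reader->read()) {
        if ($reader->nodeType === XMLReader::TEXT) {
            $text .= $reader->value;
        }
    }
    $reader->close();

    $errors = [];
    foreach (libxml_get_errors() as $e) {
        $errors[] = sprintf('line %d: %s', $e->line, trim($e->message));
    }
    libxml_clear_errors();

    return ['text' => $text, 'errors' => $errors];
}

// Constructed input 1: a plain internal entity that should be substituted.
$plain = '<!DOCTYPE d [<!ENTITY name "Wikimedia">]><d>Hello &name;</d>';
// Constructed input 2: two entities that reference each other (a reference loop).
$loop = '<!DOCTYPE d [<!ENTITY a "&b;"><!ENTITY b "&a;">]><d>&a;</d>';

foreach (['internal entity' => $plain, 'entity loop' => $loop] as $label => $xml) {
    $result = parseWithEntities($xml);
    printf(
        "%s\n  text:   %s\n  errors: %s\n",
        $label,
        var_export($result['text'], true),
        $result['errors'] ? implode('; ', $result['errors']) : 'none'
    );
}
```

Run it with the PHP and libxml2 versions you deploy: per the comment above, the second document should be reported as a parser error rather than expanded.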
