[fusion-commits] r2868 - sandbox/adsk/2.4j/common/php
svn_fusion at osgeo.org
svn_fusion at osgeo.org
Mon Jul 28 00:17:49 PDT 2014
Author: ChristineBao
Date: 2014-07-28 00:17:49 -0700 (Mon, 28 Jul 2014)
New Revision: 2868
Modified:
sandbox/adsk/2.4j/common/php/Xml2JSON.php
Log:
#617: XXE security fix
Modified: sandbox/adsk/2.4j/common/php/Xml2JSON.php
===================================================================
--- sandbox/adsk/2.4j/common/php/Xml2JSON.php 2014-07-28 07:15:11 UTC (rev 2867)
+++ sandbox/adsk/2.4j/common/php/Xml2JSON.php 2014-07-28 07:17:49 UTC (rev 2868)
@@ -28,6 +28,10 @@
*/
include(dirname(__FILE__).'/Utilities.php');
+//Requests to this script can be made from anywhere, so disable XML entity loading to
+//guard against malicious XML
+libxml_disable_entity_loader(true);
+
if (isset($_FILES['xml'])) {
$xml = file_get_contents($_FILES['xml']['tmp_name']);
} elseif (isset($_SERVER['HTTP_HOST'])) {
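Review bot: The `libxml_disable_entity_loader(true);` call added after the `include` is a global switch rather than a per-parse option. For the rest of the request it also stops libxml from opening documents by path or URL, and it does nothing to limit expansion of entities declared inside the document itself. The parsing code is outside this hunk, so confirm that it parses the `$xml` string rather than a filename and does not pass `LIBXML_NOENT` or `LIBXML_DTDLOAD`. The function is deprecated from PHP 8.0, where builds against libxml 2.9+ no longer load external entities by default, so a guard such as `if (PHP_VERSION_ID < 80000) { libxml_disable_entity_loader(true); }` would keep the script free of deprecation notices. The `if`/`elseif` chain continues past the end of the hunk, so how the `HTTP_HOST` branch obtains its XML cannot be checked from here.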