[mapguide-commits] r8308 - sandbox/adsk/2.6l/Oem/fusion_build/common/php

svn_mapguide at osgeo.org svn_mapguide at osgeo.org
Mon Jul 28 00:12:25 PDT 2014


Author: christinebao
Date: 2014-07-28 00:12:25 -0700 (Mon, 28 Jul 2014)
New Revision: 8308

Modified:
   sandbox/adsk/2.6l/Oem/fusion_build/common/php/Xml2JSON.php
Log:
#617: XXE security fix


Modified: sandbox/adsk/2.6l/Oem/fusion_build/common/php/Xml2JSON.php
===================================================================
--- sandbox/adsk/2.6l/Oem/fusion_build/common/php/Xml2JSON.php	2014-07-28 05:41:33 UTC (rev 8307)
+++ sandbox/adsk/2.6l/Oem/fusion_build/common/php/Xml2JSON.php	2014-07-28 07:12:25 UTC (rev 8308)
@@ -2,7 +2,7 @@
 /**
  * Xml2JSON
  *
- * $Id: Xml2JSON.php 2600 2012-09-18 04:39:07Z jng $
+ * $Id: Xml2JSON.php 2852 2014-06-25 03:56:48Z jng $
  *
  * Copyright (c) 2007, DM Solutions Group Inc.
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -28,6 +28,10 @@
  */
 include(dirname(__FILE__).'/Utilities.php');
 
+//Requests to this script can be made from anywhere, so disable XML entity loading to
+//guard against malicious XML
+libxml_disable_entity_loader(true);
+
 if (isset($_FILES['xml'])) {
     $xml = file_get_contents($_FILES['xml']['tmp_name']);
 } elseif (isset($_SERVER['HTTP_HOST'])) {
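Review bot: The added `libxml_disable_entity_loader(true);` is a process-wide switch whose return value (the previous setting) is discarded, so the protection holds only while nothing later in the request re-enables it, and under a persistent SAPI the setting may carry over to other scripts served by the same worker. It stops external entity loading only; expansion of entities defined inside the document itself is not limited by it. The function is deprecated as of PHP 8.0, and libxml 2.9.0 and later no longer load external entities by default, so a guard such as `if (LIBXML_VERSION < 20900) { libxml_disable_entity_loader(true); }` keeps the fix without the deprecation notice. If that guard is adopted, confirm that the parse call, which lies outside this hunk along with the rest of the `if`/`elseif` chain, does not pass `LIBXML_NOENT` or `LIBXML_DTDLOAD`, since those flags bring entity substitution and DTD loading back on newer libxml. A short comment naming the parser call being protected would also help the next reader see what the switch is guarding.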


