Merge pull request #323 from maartenba/develop
When libxmlloader options are the default values, disable the entity loader as well. CVE-2014-2054 by MITRE
This commit is contained in:
		
						commit
						81c1c55149
					
				| @ -366,6 +366,7 @@ class PHPExcel_Settings | ||||
|         if (is_null($options)) { | ||||
|             $options = LIBXML_DTDLOAD | LIBXML_DTDATTR; | ||||
|         } | ||||
|         @libxml_disable_entity_loader($options == (LIBXML_DTDLOAD | LIBXML_DTDATTR));  | ||||
|         self::$_libXmlLoaderOptions = $options; | ||||
|     } // function setLibXmlLoaderOptions
 | ||||
| 
 | ||||
| @ -379,7 +380,7 @@ class PHPExcel_Settings | ||||
|     { | ||||
|         libxml_disable_entity_loader(true); | ||||
|         if (is_null(self::$_libXmlLoaderOptions)) { | ||||
|             self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR; | ||||
|             self::setLibXmlLoaderOptions(LIBXML_DTDLOAD | LIBXML_DTDATTR); | ||||
|         } | ||||
|         return self::$_libXmlLoaderOptions; | ||||
|     } // function getLibXmlLoaderOptions
 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Maarten Balliauw
						Maarten Balliauw