authorBernhard Posselt <Raydiation@users.noreply.github.com>2014-09-29 20:45:00 +0200
committerBernhard Posselt <Raydiation@users.noreply.github.com>2014-09-29 20:45:00 +0200
commitdc6769953e72cbe92a08be90d0cf3d9569a61995 (patch)
tree2624055fbfeca6671f9fab95d46f39d9a7e4c53f
parent0d163490bf30be69637743eed7549855389a0ead (diff)
parent1c463d01fc7bc90111abac58bff7d58fe8701a2a (diff)
Merge pull request #619 from owncloud/disable_xml_entitiy_parsing
Disable XML entity parsing
-rw-r--r--articleenhancer/globalarticleenhancer.php4
-rw-r--r--articleenhancer/xpatharticleenhancer.php6
-rw-r--r--utility/faviconfetcher.php2
3 files changed, 12 insertions, 0 deletions
diff --git a/articleenhancer/globalarticleenhancer.php b/articleenhancer/globalarticleenhancer.php
index 7411d0adc..f4466f75f 100644
--- a/articleenhancer/globalarticleenhancer.php
+++ b/articleenhancer/globalarticleenhancer.php
@@ -23,13 +23,17 @@ class GlobalArticleEnhancer implements ArticleEnhancer {
* This method is run after all enhancers and for every item
*/
public function enhance(Item $item) {
+
$dom = new \DOMDocument();
// wrap it inside a div if there is none to prevent invalid wrapping
// inside <p> tags
$body = '<div>' . $item->getBody() . '</div>';
+ $loadEntities = libxml_disable_entity_loader(true);
@$dom->loadHTML($body, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
+ libxml_disable_entity_loader($loadEntities);
+
$xpath = new \DOMXpath($dom);
// remove youtube autoplay
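Review bot: The restore on the line after `loadHTML` is skipped if the load raises (for instance when an error handler turns the suppressed warning into an exception), and because `libxml_disable_entity_loader()` changes process-wide libxml state, unrelated XML loading later in the request would then run with the loader still disabled. Wrapping the call as `try { @$dom->loadHTML($body, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD); } finally { libxml_disable_entity_loader($loadEntities); }` makes the save/restore pair exception-safe, assuming the project can require PHP 5.5 for `finally`. The same save/load/restore sequence is repeated in both xpatharticleenhancer.php hunks and in faviconfetcher.php, so one shared helper that loads HTML with the loader disabled would keep the four call sites from drifting apart. `libxml_disable_entity_loader()` is deprecated as of PHP 8.0, and a helper would also give a single place to retire it. enhance() continues past the end of the hunk.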
diff --git a/articleenhancer/xpatharticleenhancer.php b/articleenhancer/xpatharticleenhancer.php
index ad2e65f0b..0550ada46 100644
--- a/articleenhancer/xpatharticleenhancer.php
+++ b/articleenhancer/xpatharticleenhancer.php
@@ -67,7 +67,10 @@ class XPathArticleEnhancer implements ArticleEnhancer {
}
$dom = new \DOMDocument();
+
+ $loadEntities = libxml_disable_entity_loader(true);
@$dom->loadHTML($body);
+ libxml_disable_entity_loader($loadEntities);
$xpath = new \DOMXpath($dom);
$xpathResult = $xpath->evaluate($search);
@@ -131,9 +134,12 @@ class XPathArticleEnhancer implements ArticleEnhancer {
$dom->preserveWhiteSpace = false;
// return, if xml is empty or loading the HTML fails
+ $loadEntities = libxml_disable_entity_loader(true);
if( trim($xmlString) == "" || !@$dom->loadHTML($xmlString) ) {
+ libxml_disable_entity_loader($loadEntities);
return $xmlString;
}
+ libxml_disable_entity_loader($loadEntities);
// remove <!DOCTYPE
$dom->removeChild($dom->firstChild);
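Review bot: The restore call is written twice here, once inside the early-return branch and once after it, so a later edit that adds another exit path between them could leave the entity loader disabled for the rest of the request. Capturing the result first needs only one restore: `$loaded = trim($xmlString) != "" && @$dom->loadHTML($xmlString);`, then `libxml_disable_entity_loader($loadEntities);`, then `if (!$loaded) { return $xmlString; }`. This also avoids toggling the global flag around a branch that never parses anything when the string is empty. The enclosing method starts and ends outside the hunk.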
diff --git a/utility/faviconfetcher.php b/utility/faviconfetcher.php
index c38706af6..16c188313 100644
--- a/utility/faviconfetcher.php
+++ b/utility/faviconfetcher.php
@@ -78,7 +78,9 @@ class FaviconFetcher {
if($file->body !== '') {
$document = new \DOMDocument();
/** @noinspection PhpUndefinedFieldInspection */
+ $loadEntities = libxml_disable_entity_loader(true);
@$document->loadHTML($file->body);
+ libxml_disable_entity_loader($loadEntities);
if($document) {
$xpath = new \DOMXpath($document);