diff options
author | Lukas Reschke <lukas@owncloud.com> | 2014-09-29 20:13:28 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2014-09-29 20:14:41 +0200 |
commit | 1c463d01fc7bc90111abac58bff7d58fe8701a2a (patch) | |
tree | 8c2e236fadaa8dc1072e2f939c8126e381104bde /articleenhancer/xpatharticleenhancer.php | |
parent | 5f60510826d658e967053dee436c3e0fcf696f3e (diff) |
Disable XML entity parsing
Diffstat (limited to 'articleenhancer/xpatharticleenhancer.php')
-rw-r--r-- | articleenhancer/xpatharticleenhancer.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/articleenhancer/xpatharticleenhancer.php b/articleenhancer/xpatharticleenhancer.php index ad2e65f0b..0550ada46 100644 --- a/articleenhancer/xpatharticleenhancer.php +++ b/articleenhancer/xpatharticleenhancer.php @@ -67,7 +67,10 @@ class XPathArticleEnhancer implements ArticleEnhancer { } $dom = new \DOMDocument(); + + $loadEntities = libxml_disable_entity_loader(true); @$dom->loadHTML($body); + libxml_disable_entity_loader($loadEntities); $xpath = new \DOMXpath($dom); $xpathResult = $xpath->evaluate($search); @@ -131,9 +134,12 @@ class XPathArticleEnhancer implements ArticleEnhancer { $dom->preserveWhiteSpace = false; // return, if xml is empty or loading the HTML fails + $loadEntities = libxml_disable_entity_loader(true); if( trim($xmlString) == "" || !@$dom->loadHTML($xmlString) ) { + libxml_disable_entity_loader($loadEntities); return $xmlString; } + libxml_disable_entity_loader($loadEntities); // remove <!DOCTYPE $dom->removeChild($dom->firstChild); |