diff options
| -rw-r--r-- | Auth/Yadis/XML.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/Auth/Yadis/XML.php b/Auth/Yadis/XML.php index cf1f5c4..bb13775 100644 --- a/Auth/Yadis/XML.php +++ b/Auth/Yadis/XML.php @@ -234,7 +234,14 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { return false; } - if (!@$this->doc->loadXML($xml_string)) { + // disable external entities and libxml errors + $loader = libxml_disable_entity_loader(true); + $errors = libxml_use_internal_errors(true); + $parse_result = @$this->doc->loadXML($xml_string); + libxml_disable_entity_loader($loader); + libxml_use_internal_errors($errors); + + if (!$parse_result) { return false; } |