disable libxml entity loader to prevent attacks via xml external entities (fixes...

author Andrew Dolgov <noreply@fakecake.org>

Mon, 8 Dec 2014 11:49:54 +0000 (14:49 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Mon, 8 Dec 2014 11:49:54 +0000 (14:49 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Mon, 8 Dec 2014 11:49:54 +0000 (14:49 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Mon, 8 Dec 2014 11:49:54 +0000 (14:49 +0300)
diff --git a/include/functions.php b/include/functions.php

index 769c27af9f13040c415c667df7ff351b7cc3d415..2f3daea1010519e73c126c0ad9abb3c565fccbdf 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -14,6 +14,8 @@
         $fetch_curl_used = false;
         $suppress_debugging = false;
  
+       libxml_disable_entity_loader(true);
+
         mb_internal_encoding("UTF-8");
         date_default_timezone_set('UTC');
         if (defined('E_DEPRECATED')) {
author	Andrew Dolgov <noreply@fakecake.org>
	Mon, 8 Dec 2014 11:49:54 +0000 (14:49 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Mon, 8 Dec 2014 11:49:54 +0000 (14:49 +0300)