From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 8 Dec 2014 11:49:54 +0000 (+0300)
Subject: disable libxml entity loader to prevent attacks via xml external entities (fixes... 
X-Git-Tag: 1.15~1
X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=commitdiff_plain;h=584411fee6ab22037db0201dfff9133b74c0ebac

disable libxml entity loader to prevent attacks via xml external entities (fixes #833)
---

diff --git a/include/functions.php b/include/functions.php
index 769c27af..2f3daea1 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -14,6 +14,8 @@
 	$fetch_curl_used = false;
 	$suppress_debugging = false;
 
+	libxml_disable_entity_loader(true);
+
 	mb_internal_encoding("UTF-8");
 	date_default_timezone_set('UTC');
 	if (defined('E_DEPRECATED')) {