From 584411fee6ab22037db0201dfff9133b74c0ebac Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 8 Dec 2014 14:49:54 +0300
Subject: [PATCH] disable libxml entity loader to prevent attacks via xml
 external entities (fixes #833)

---
 include/functions.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/functions.php b/include/functions.php
index 769c27af..2f3daea1 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -14,6 +14,8 @@
 	$fetch_curl_used = false;
 	$suppress_debugging = false;
 
+	libxml_disable_entity_loader(true);
+
 	mb_internal_encoding("UTF-8");
 	date_default_timezone_set('UTC');
 	if (defined('E_DEPRECATED')) {
-- 
2.39.2