alex
/
PhpSpreadsheet
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

AS we're using simpleXML for xml reading still, we need to use libxml_disable_entity_loader(true); for XXE security patch

This commit is contained in:
Mark Baker 2014-02-21 10:01:44 +00:00
parent 98205e5ec7
commit 1abf061df3
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Classes/PHPExcel/Settings.php
View File

@ -377,6 +377,7 @@ class PHPExcel_Settings
*/ */
public static function getLibXmlLoaderOptions() public static function getLibXmlLoaderOptions()
{ {
libxml_disable_entity_loader(true);
if (is_null(self::$_libXmlLoaderOptions)) { if (is_null(self::$_libXmlLoaderOptions)) {
self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR; self::$_libXmlLoaderOptions = LIBXML_DTDLOAD | LIBXML_DTDATTR;
} }