Fix #62577: simplexml_load_file does not file if libxml_disable_entity_loader(true)

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@350442 c90b9560-bf6c-de11-be94-00142212c4b1

reference/dom/domdocument.xml

@@ -283,6 +283,11 @@
        entities. This attribute is not part of
        the DOM specification and is specific to libxml.
       </para>
+      <caution>
+       <simpara>
+        Enabling entity substitution may facilitate XML External Entity (XXE) attacks.
+       </simpara>
+      </caution>
      </listitem>
     </varlistentry>
     <varlistentry xml:id="domdocument.props.validateonparse">

reference/libxml/constants.xml

@@ -154,6 +154,11 @@
     <simpara>
      Substitute entities
     </simpara>
+    <caution>
+     <simpara>
+      Enabling entity substitution may facilitate XML External Entity (XXE) attacks.
+     </simpara>
+    </caution>
    </listitem>
   </varlistentry>
   <varlistentry xml:id="constant.libxml-noerror">

reference/libxml/functions/libxml-disable-entity-loader.xml

@@ -15,6 +15,10 @@
   </methodsynopsis>
   <para>
    Disable/enable the ability to load external entities.
+   Note that disabling the loading of external entities may cause general issues
+   with loading XML documents. However, as of libxml 2.9.0 entity substitution
+   is disabled by default, so there is no need to disable the loading of external
+   entities.
   </para>
  </refsect1>