sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-24 12:58:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
php-doc-en/reference/libxml/functions
History
Juliette f3b5475eeb
PHP 8.0 migration/deprecated: expand on libxml_disable_entity_loader() (#528) 
The current text in the migration guide about the deprecation of `libxml_disable_entity_loader()` is misleading and can easily lead to the introduction of XXE vulnerable code.

In select circumstances, when `LIBXML_NOENT` is used, code can still be vulnerable to XXE attacks, even on PHP 8.0.
So I'm proposing to add an appropriate warning and mention the upgrade path in the migration guide.

Includes fixing a typo on the `libxml_disable_entity_loader()` page.

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
2021-04-16 10:44:07 +02:00
..
libxml-clear-errors.xml
libxml-disable-entity-loader.xml PHP 8.0 migration/deprecated: expand on libxml_disable_entity_loader() (#528) 2021-04-16 10:44:07 +02:00
libxml-get-errors.xml minor fixes by anon users 2016-04-02 18:09:05 +00:00
libxml-get-last-error.xml Generate libxml methodsynopses based on stubs 2020-11-23 21:59:02 +00:00
libxml-set-external-entity-loader.xml Improve libxml_set_external_entity_loader() docs 2021-01-19 14:41:43 +01:00
libxml-set-streams-context.xml Generate libxml methodsynopses based on stubs 2020-11-23 21:59:02 +00:00
libxml-use-internal-errors.xml Generate libxml methodsynopses based on stubs 2020-11-23 21:59:02 +00:00