Skip to content

Commit 8e76d04

Browse files
dstogovdstogov
committed
Fixed external entity loading
1 parent afc1deb commit 8e76d04

File tree

3 files changed

+26
-20
lines changed

3 files changed

+26
-20
lines changed

ext/libxml/libxml.c

Lines changed: 15 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -261,6 +261,7 @@ static PHP_GINIT_FUNCTION(libxml)
261261
libxml_globals->stream_context = NULL;
262262
libxml_globals->error_buffer.c = NULL;
263263
libxml_globals->error_list = NULL;
264+
libxml_globals->entity_loader_disabled = 0;
264265
}
265266

266267
/* Channel libxml file io layer through the PHP streams subsystem.
@@ -347,17 +348,16 @@ static int php_libxml_streams_IO_close(void *context)
347348
return php_stream_close((php_stream*)context);
348349
}
349350

350-
static xmlParserInputBufferPtr
351-
php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
352-
{
353-
return NULL;
354-
}
355-
356351
static xmlParserInputBufferPtr
357352
php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
358353
{
359354
xmlParserInputBufferPtr ret;
360355
void *context = NULL;
356+
TSRMLS_FETCH();
357+
358+
if (LIBXML(entity_loader_disabled)) {
359+
return NULL;
360+
}
361361

362362
if (URI == NULL)
363363
return(NULL);
@@ -834,28 +834,25 @@ static PHP_FUNCTION(libxml_clear_errors)
834834
}
835835
/* }}} */
836836

837+
PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
838+
{
839+
zend_bool old = LIBXML(entity_loader_disabled);
840+
841+
LIBXML(entity_loader_disabled) = disable;
842+
return old;
843+
}
844+
837845
/* {{{ proto bool libxml_disable_entity_loader([boolean disable])
838846
Disable/Enable ability to load external entities */
839847
static PHP_FUNCTION(libxml_disable_entity_loader)
840848
{
841849
zend_bool disable = 1;
842-
xmlParserInputBufferCreateFilenameFunc old;
843850

844851
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) {
845852
return;
846853
}
847854

848-
if (disable == 0) {
849-
old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
850-
} else {
851-
old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
852-
}
853-
854-
if (old == php_libxml_input_buffer_noload) {
855-
RETURN_TRUE;
856-
}
857-
858-
RETURN_FALSE;
855+
RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
859856
}
860857
/* }}} */
861858

ext/libxml/php_libxml.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml)
4343
zval *stream_context;
4444
smart_str error_buffer;
4545
zend_llist *error_list;
46+
zend_bool entity_loader_disabled;
4647
ZEND_END_MODULE_GLOBALS(libxml)
4748

4849
typedef struct _libxml_doc_props {
@@ -93,6 +94,7 @@ PHP_LIBXML_API void php_libxml_ctx_error(void *ctx, const char *msg, ...);
9394
PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
9495
PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
9596
PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC);
97+
PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC);
9698

9799
/* Init/shutdown functions*/
98100
PHP_LIBXML_API void php_libxml_initialize(void);

ext/soap/php_xml.c

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
/* $Id$ */
2121

2222
#include "php_soap.h"
23+
#include "ext/libxml/php_libxml.h"
2324
#include "libxml/parser.h"
2425
#include "libxml/parserInternals.h"
2526

@@ -91,14 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char *filename TSRMLS_DC)
9192
ctxt = xmlCreateFileParserCtxt(filename);
9293
PG(allow_url_fopen) = old_allow_url_fopen;
9394
if (ctxt) {
95+
zend_bool old;
96+
9497
ctxt->keepBlanks = 0;
95-
ctxt->options &= ~XML_PARSE_DTDLOAD;
9698
ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
9799
ctxt->sax->comment = soap_Comment;
98100
ctxt->sax->warning = NULL;
99101
ctxt->sax->error = NULL;
100102
/*ctxt->sax->fatalError = NULL;*/
103+
old = php_libxml_disable_entity_loader(1);
101104
xmlParseDocument(ctxt);
105+
php_libxml_disable_entity_loader(old);
102106
if (ctxt->wellFormed) {
103107
ret = ctxt->myDoc;
104108
if (ret->URL == NULL && ctxt->directory != NULL) {
@@ -134,7 +138,8 @@ xmlDocPtr soap_xmlParseMemory(const void *buf, size_t buf_size)
134138
*/
135139
ctxt = xmlCreateMemoryParserCtxt(buf, buf_size);
136140
if (ctxt) {
137-
ctxt->options &= ~XML_PARSE_DTDLOAD;
141+
zend_bool old;
142+
138143
ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
139144
ctxt->sax->comment = soap_Comment;
140145
ctxt->sax->warning = NULL;
@@ -143,7 +148,9 @@ xmlDocPtr soap_xmlParseMemory(const void *buf, size_t buf_size)
143148
#if LIBXML_VERSION >= 20703
144149
ctxt->options |= XML_PARSE_HUGE;
145150
#endif
151+
old = php_libxml_disable_entity_loader(1);
146152
xmlParseDocument(ctxt);
153+
php_libxml_disable_entity_loader(old);
147154
if (ctxt->wellFormed) {
148155
ret = ctxt->myDoc;
149156
if (ret->URL == NULL && ctxt->directory != NULL) {

0 commit comments

Comments
 (0)