From 584411fee6ab22037db0201dfff9133b74c0ebac Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 8 Dec 2014 14:49:54 +0300 Subject: [PATCH] disable libxml entity loader to prevent attacks via xml external entities (fixes #833) --- include/functions.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/functions.php b/include/functions.php index 769c27af9..2f3daea10 100644 --- a/include/functions.php +++ b/include/functions.php @@ -14,6 +14,8 @@ $fetch_curl_used = false; $suppress_debugging = false; + libxml_disable_entity_loader(true); + mb_internal_encoding("UTF-8"); date_default_timezone_set('UTC'); if (defined('E_DEPRECATED')) {