HomePhabricator

tests: Explicitly wrap an XML call in libxml_disable_entity_loader()
06379ea31b2fUnpublished

Unpublished Commit · Learn More

  • Publishing Disabled: All publishing is disabled for this repository.
  • Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

tests: Explicitly wrap an XML call in libxml_disable_entity_loader()

As per https://www.php.net/manual/en/function.libxml-disable-entity-loader.php
this is technically unnecessary.

However, as of libxml 2.9.0 entity substitution is disabled by default,
so there is no need to disable the loading of external entities.

See also https://github.com/php/php-src/pull/5867

Since the release of libxml 2.9.0 in 2012 external entity loading is
disabled in libxml by default. This means that using
libxml_disable_entity_loader() is no longer needed.

Hopefully helps prevent false positive reports from security scanning tools.

Change-Id: I7cabc5b8d44813d709a11db2f219ae16260542c7

Details

Provenance
ReedyAuthored on Nov 2 2020, 2:59 AM
Parents
rMW5d5d36de6cb8: build: Force composer 1.x in Travis CI
Branches
Unknown
Tags
Unknown
ChangeId
I7cabc5b8d44813d709a11db2f219ae16260542c7

Event Timeline