mirror of
https://github.com/php/doc-en.git
synced 2026-04-26 16:58:08 +02:00
Juliette
f3b5475eeb
The current text in the migration guide about the deprecation of `libxml_disable_entity_loader()` is misleading and can easily lead to the introduction of XXE vulnerable code. In select circumstances, when `LIBXML_NOENT` is used, code can still be vulnerable to XXE attacks, even on PHP 8.0. So I'm proposing to add an appropriate warning and mention the upgrade path in the migration guide. Includes fixing a typo on the `libxml_disable_entity_loader()` page. Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
3.3 KiB
3.3 KiB