Dik Takken e0fa48f69d Deprecate libxml_disable_entity_loader() ...

This method was used to protect code against XXE processing attacks.
Since PHP now requires libxml >= 2.9.0 external entity loading no longer
needs to be disabled to prevent these attacks. It is disabled by default.
Also, the method has an unwanted side effect that causes a lot of
confusion: Parsing XML data from resources like files is no longer possible.

Closes GH-5867.

2020-08-03 21:53:29 +02:00

510 B

Raw Blame History

View Raw