mirror of
https://github.com/php/php-src.git
synced 2025-08-16 14:08:47 +02:00
8f14f036c3
Fixes GHSA-3qrf-m4j2-pcrr.
To parse a document with libxml2, you first need to create a parsing context.
The parsing context contains parsing options (e.g. XML_NOENT to substitute
entities) that the application (in this case PHP) can set.
Unfortunately, libxml2 also supports providing default set options.
For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
option will be added to the parsing options every time you create a parsing
context **even if the application never requested XML_NOENT**.
Third party extensions can override these globals, in particular the
substitute entity global. This causes entity substitution to be
unexpectedly active.
Fix it by setting the parsing options to a sane known value.
For API calls that depend on global state we introduce
PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
For other APIs that work directly with a context we introduce
php_libxml_sanitize_parse_ctxt_options().
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| tests | ||
| compat.c | ||
| config.m4 | ||
| config.w32 | ||
| CREDITS | ||
| expat_compat.h | ||
| php_xml.h | ||
| xml.c | ||
| xml.stub.php | ||
| xml_arginfo.h | ||