diff options
author | Pierre Schmitz <pierre@archlinux.de> | 2015-04-01 06:11:44 +0200 |
---|---|---|
committer | Pierre Schmitz <pierre@archlinux.de> | 2015-04-01 06:11:44 +0200 |
commit | 14f74d141ab5580688bfd46d2f74c026e43ed967 (patch) | |
tree | 081b7cbfc4d246ecc42831978d080331267cf57c /includes/Xml.php | |
parent | 4a953b6bfda28604979feb9cfbb58974d13b84bb (diff) |
Update to MediaWiki 1.24.2
Diffstat (limited to 'includes/Xml.php')
-rw-r--r-- | includes/Xml.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/includes/Xml.php b/includes/Xml.php index 159f7114..c6c02867 100644 --- a/includes/Xml.php +++ b/includes/Xml.php @@ -707,13 +707,15 @@ class Xml { /** * Check if a string is well-formed XML. * Must include the surrounding tag. + * This function is a DoS vector if an attacker can define + * entities in $text. * * @param string $text String to test. * @return bool * * @todo Error position reporting return */ - public static function isWellFormed( $text ) { + private static function isWellFormed( $text ) { $parser = xml_parser_create( "UTF-8" ); # case folding violates XML standard, turn it off |