diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-05-01 15:17:42 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-05-01 15:17:42 -0400 |
commit | f7d4cf9ed0ae68fec630d14e8f6aade38e49f036 (patch) | |
tree | a730c57badbe0e2f0f064ca2006c82d4b6ed54ea /includes/Xml.php | |
parent | aee35e4a93d105024bcae947cd8b16c962191f5c (diff) | |
parent | 5d1e7dd0ccda0984ccf3e8e3d0f88ac888b05819 (diff) |
Merge commit '5d1e7'
Diffstat (limited to 'includes/Xml.php')
-rw-r--r-- | includes/Xml.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/includes/Xml.php b/includes/Xml.php index 159f7114..c6c02867 100644 --- a/includes/Xml.php +++ b/includes/Xml.php @@ -707,13 +707,15 @@ class Xml { /** * Check if a string is well-formed XML. * Must include the surrounding tag. + * This function is a DoS vector if an attacker can define + * entities in $text. * * @param string $text String to test. * @return bool * * @todo Error position reporting return */ - public static function isWellFormed( $text ) { + private static function isWellFormed( $text ) { $parser = xml_parser_create( "UTF-8" ); # case folding violates XML standard, turn it off |