Diffstat (limited to 'includes/Xml.php')
-rw-r--r--includes/Xml.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/includes/Xml.php b/includes/Xml.php
index 159f7114..c6c02867 100644
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -707,13 +707,15 @@ class Xml {
/**
* Check if a string is well-formed XML.
* Must include the surrounding tag.
+ * This function is a DoS vector if an attacker can define
+ * entities in $text.
*
* @param string $text String to test.
* @return bool
*
* @todo Error position reporting return
*/
- public static function isWellFormed( $text ) {
+ private static function isWellFormed( $text ) {
$parser = xml_parser_create( "UTF-8" );
# case folding violates XML standard, turn it off
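Review bot: The added doc lines on `isWellFormed` name the entity-definition DoS, but the only code change is `public` → `private`, so the parser built by `xml_parser_create( "UTF-8" )` is unchanged and safety now rests on every remaining in-class caller never letting untrusted input supply a DOCTYPE or entity declaration. I would state that contract in the docblock, for example `* Callers must build any DOCTYPE themselves; never pass text whose entity declarations come from user input.`, so a caller added to `Xml` later does not reopen the problem. Narrowing the visibility also breaks any code outside the class that called `Xml::isWellFormed()`; the diffstat shows only this file touched, so such callers, if they exist, are not updated here and the change deserves a release-note entry. The function body continues past the end of the hunk, so whether it bounds input size or rejects declarations itself is not visible.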