From 14f74d141ab5580688bfd46d2f74c026e43ed967 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Wed, 1 Apr 2015 06:11:44 +0200
Subject: Update to MediaWiki 1.24.2
---
 includes/Xml.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'includes/Xml.php')
diff --git a/includes/Xml.php b/includes/Xml.php
index 159f7114..c6c02867 100644
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -707,13 +707,15 @@ class Xml {
 /**
 * Check if a string is well-formed XML.
 * Must include the surrounding tag.
+ * This function is a DoS vector if an attacker can define
+ * entities in $text.
 *
 * @param string $text String to test.
 * @return bool
 *
 * @todo Error position reporting return
 */
- public static function isWellFormed( $text ) {
+ private static function isWellFormed( $text ) {
 $parser = xml_parser_create( "UTF-8" );
 
 # case folding violates XML standard, turn it off
-- 
cgit v1.2.2
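Review bot: Making `isWellFormed()` private narrows who can reach the parser but does not stop entity expansion, so any remaining caller inside `Xml` that forwards text carrying an attacker-controlled DOCTYPE is still exposed. The new docblock sentence should state this as a caller precondition rather than only a warning, for example `* Callers must ensure $text cannot carry an attacker-supplied DOCTYPE or entity declarations.`, so each call site can be checked against it in review. The switch from `public` to `private` is also a silent break for any external code that called this method, which the docblock could note. The function body continues outside the hunk, so whether the parser setup itself restricts entity handling cannot be judged from these lines.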