downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | conferences | my php.net

search for in the

libxml_get_errors> <libxml_clear_errors
[edit] Last updated: Fri, 24 May 2013

view this page in

libxml_disable_entity_loader

(PHP 5 >= 5.2.11)

libxml_disable_entity_loaderDisable the ability to load external entities

Descrição

bool libxml_disable_entity_loader ([ bool $disable = true ] )

Disable/enable the ability to load external entities.

Parâmetros

disable

Disable (TRUE) or enable (FALSE) libxml extensions (such as DOM, XMLWriter and XMLReader) to load external entities.

Valor Retornado

Returns the previous value.

Veja Também



add a note add a note User Contributed Notes libxml_disable_entity_loader - [1 notes]
up
0
simonsimcity
1 year ago
Using this function you can prevent a vulnerable to Local and Remote File Inclusion attacks.

You'll see it in an example where I load and validate the following string:

<!DOCTYPE scan [<!ENTITY test SYSTEM "php://filter/read=convert.base64-encode/resource=/etc/passwd">]>
<scan>&test;</scan>

One way to prevent that the file in given back is to set this value to 0.
Please take a closer look at the release of symfony 2.0.11
add a note add a note

 
show source | credits | sitemap | contact | advertising | mirror sites