Protect against XXE in php8 - snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

diff options

author	jvoisin	2021-04-27 22:22:34 +0200
committer	jvoisin	2021-04-27 22:26:24 +0200
commit	d9cccbbe417d305bb56911cd07a7feac6b89e9a6 (patch)
tree	98b0898cc287d714169318b698a6756741929b5f /src/tests/disable_function/disabled_functions_ret_user_used.phpt
parent	a3feae2fb319899d13ab5013f510b51ce20b4db4 (diff)

Protect against XXE in php8

PHP8 disables external entities by default, but they can still be explicitly used (cf. https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/), which is bad™. The right way to defend against XXE is now to set libxml_set_external_entity_loader to null.

Diffstat (limited to 'src/tests/disable_function/disabled_functions_ret_user_used.phpt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: