diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[DomCrawler] Dont use LIBXML_PARSEHUGE by default

Browse Source
This commit is contained in:
Nicolas Grekas 2016-03-02 15:53:47 +01:00
parent 2e9e83e635
commit fda32f8c43
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Symfony/Component/DomCrawler/Crawler.php
View File

@ -219,8 +219,11 @@ class Crawler extends \SplObjectStorage
*
* @param string $content The XML content
* @param string $charset The charset
* @param int $options Bitwise OR of the libxml option constants
* LIBXML_PARSEHUGE is dangerous, see
* http://symfony.com/blog/security-release-symfony-2-0-17-released
*/
public function addXmlContent($content, $charset = 'UTF-8')
public function addXmlContent($content, $charset = 'UTF-8', $options = LIBXML_NONET)
{
$internalErrors = libxml_use_internal_errors(true);
$disableEntities = libxml_disable_entity_loader(true);
@ -230,7 +233,7 @@ class Crawler extends \SplObjectStorage
if ('' !== trim($content)) {
// remove the default namespace to make XPath expressions simpler
@$dom->loadXML(str_replace('xmlns', 'ns', $content), LIBXML_NONET | (defined('LIBXML_PARSEHUGE') ? LIBXML_PARSEHUGE : 0));
@$dom->loadXML(str_replace('xmlns', 'ns', $content), $options);
}
libxml_use_internal_errors($internalErrors);