forked from GNUsocial/gnu-social
Suppress PHP warnings/notices during AtomPub XML parsing to avoid HTTP header problems when given bad input.
If display_errors is on, typical settings would cause PHP error messages to spew to output before the HTTP headers for setting a 400 error go through. Also switched from deprecated static DOMDocument::loadXML() to non-static call.
This commit is contained in:
parent
b7548fb9e2
commit
e985a41a7e
@ -322,8 +322,11 @@ class ApiTimelineUserAction extends ApiBareAuthAction
|
||||
$this->clientError(_('Atom post must not be empty.'));
|
||||
}
|
||||
|
||||
$dom = DOMDocument::loadXML($xml);
|
||||
if (!$dom) {
|
||||
$old = error_reporting(error_reporting() & ~(E_WARNING | E_NOTICE));
|
||||
$dom = new DOMDocument();
|
||||
$ok = $dom->loadXML($xml);
|
||||
error_reporting($old);
|
||||
if (!$ok) {
|
||||
// TRANS: Client error displayed attempting to post an API that is not well-formed XML.
|
||||
$this->clientError(_('Atom post must be well-formed XML.'));
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user