[wp-trac] [WordPress Trac] #50898: PHP 8.0: only call libxml_disable_entity_loader() in PHP < 8
WordPress Trac
noreply at wordpress.org
Tue Aug 11 16:44:56 UTC 2020
#50898: PHP 8.0: only call libxml_disable_entity_loader() in PHP < 8
------------------------------+-----------------------------
Reporter: jrf | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version:
Severity: minor | Keywords: has-patch php8
Focuses: coding-standards |
------------------------------+-----------------------------
As per the PHP 8.0 changelog:
> `libxml_disable_entity_loader()` has been deprecated. As libxml 2.9.0 is
now
> required, external entity loading is guaranteed to be disabled by
default,
> and this function is no longer needed to protect against XXE attacks.
Source: https://github.com/php/php-
src/blob/71bfa5344ab207072f4cd25745d7023096338385/UPGRADING#L808-L811
Calling the function conditionally will prevent deprecation warnings.
The function is also used in GetID3 - a PR to the same effect as this PR
has been pulled & merged and is expected to be included in the next GetID3
release.
Ref: https://github.com/JamesHeinrich/getID3/pull/260
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50898>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list