[wp-trac] [WordPress Trac] #50898: PHP 8.0: only call libxml_disable_entity_loader() in PHP < 8

WordPress Trac noreply at wordpress.org
Tue Aug 11 16:44:56 UTC 2020


#50898: PHP 8.0: only call libxml_disable_entity_loader() in PHP < 8
------------------------------+-----------------------------
 Reporter:  jrf               |      Owner:  (none)
     Type:  defect (bug)      |     Status:  new
 Priority:  normal            |  Milestone:  Awaiting Review
Component:  Embeds            |    Version:
 Severity:  minor             |   Keywords:  has-patch php8
  Focuses:  coding-standards  |
------------------------------+-----------------------------
 As per the PHP 8.0 changelog:

 > `libxml_disable_entity_loader()` has been deprecated. As libxml 2.9.0 is
 now
 > required, external entity loading is guaranteed to be disabled by
 default,
 > and this function is no longer needed to protect against XXE attacks.

 Source: https://github.com/php/php-
 src/blob/71bfa5344ab207072f4cd25745d7023096338385/UPGRADING#L808-L811

 Calling the function conditionally will prevent deprecation warnings.


 The function is also used in GetID3 - a PR to the same effect as this PR
 has been pulled & merged and is expected to be included in the next GetID3
 release.

 Ref: https://github.com/JamesHeinrich/getID3/pull/260

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/50898>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list