That bug fixed the XXE attack by setting the following to true
libxml_disable_entity_loader
This caused issues with the leap2a importer used by mnet, which
used the simplexml_load to load the xml which relies on file
based remote entities. For this situation, a the following flag
is used, which stops network based XXE attacks
LIBXML_NONET
Reviewed: https:/ /reviews. mahara. org/1792 gitorious. org/mahara/ mahara/ commit/ c1a8c97f665cb55 8d3c58f0e68bd05 9c8bfe7fde
Committed: http://
Submitter: Melissa Draper (<email address hidden>)
Branch: 1.6_STABLE
commit c1a8c97f665cb55 8d3c58f0e68bd05 9c8bfe7fde
Author: Hugh Davenport <email address hidden>
Date: Tue Oct 16 13:25:56 2012 +1300
Fix Leap2A import from Moodle
Related to bug #1047111
That bug fixed the XXE attack by setting the following to true disable_ entity_ loader
libxml_
This caused issues with the leap2a importer used by mnet, which
used the simplexml_load to load the xml which relies on file
based remote entities. For this situation, a the following flag
is used, which stops network based XXE attacks
LIBXML_NONET
Change-Id: I3d95ebc9c38374 d339d66a80feaa3 9f5c15f1022
Signed-off-by: Hugh Davenport <email address hidden>