Consider a different approach to libxml_disable_entity_loader(true) in init.php
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Fix Released | High | Aaron Wells |
1.10 | Fix Released | High | Unassigned |
1.9 | Won't Fix | High | Unassigned |
15.04 | Fix Released | High | Unassigned |
15.10 | Fix Released | High | Unassigned |
16.04 | Fix Released | High | Unassigned |
Bug Description
Unfortunately it seems like using libxml_
PHP Bug https:/
The other problem is https:/
$xml = simplexml_
In Moodle we've been warned on one of our issues that users have seen this problem in the wild with Mahara, I didn't find an issue reported to you about it, so I'll copy and paste the report from our tracker here:
"We had experience with this problem on an upgrade to Mahara 1.7, when https:/
Yesterday whilst debugging some code with Yuliya we realised she also was encountering this horrible combination of bugs affecting her Moodle install so it seems this is not a theoretical problem.
In Moodle we have decided to use the same approach of many other projects and enable/disable the loader around vulnerable code to reduce the chance of this combination of bugs affecting other applications or uses of the simplexml_
http://
https:/
http://
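The enable/disable-around-the-parse approach described in the report, as an added example (not code from Mahara, Moodle or the reporter). `parse_untrusted_xml` is a hypothetical helper name, the sample document is constructed, and the code assumes PHP 5.5 or later for `finally`.

```php
<?php
// Added example: hypothetical helper, not Mahara's or Moodle's own code.

/**
 * Parse untrusted XML with the external entity loader disabled only for
 * the duration of this call, then restore the state that was there before,
 * instead of calling libxml_disable_entity_loader(true) once at start-up.
 */
function parse_untrusted_xml($xml)
{
    // libxml >= 2.9.0 does not substitute external entities unless
    // LIBXML_NOENT is passed, and PHP 8.0 deprecates the toggle, so the
    // toggle is only used on older stacks.
    $needsToggle = PHP_VERSION_ID < 80000 && LIBXML_VERSION < 20900;

    // libxml_disable_entity_loader() returns the previous setting.
    $prevLoader = $needsToggle ? libxml_disable_entity_loader(true) : null;
    $prevErrors = libxml_use_internal_errors(true);
    try {
        // LIBXML_NONET forbids network access while parsing.
        $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
        if ($doc === false) {
            $msgs = array();
            foreach (libxml_get_errors() as $err) {
                $msgs[] = trim($err->message);
            }
            throw new RuntimeException('XML parse failed: ' . implode('; ', $msgs));
        }
        return $doc;
    } finally {
        // Runs on success and on exception, so the setting never stays
        // changed after this function returns.
        libxml_clear_errors();
        libxml_use_internal_errors($prevErrors);
        if ($needsToggle) {
            libxml_disable_entity_loader($prevLoader);
        }
    }
}

// Constructed sample input.
$doc = parse_untrusted_xml('<feed><title>sample</title></feed>');
echo (string) $doc->title, PHP_EOL;
```

Restoring the previous value in `finally` keeps the window in which the loader is disabled as short as the parse itself.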
summary: |
- Consider a different approach for libxml_disable_entity_loader(true)
+ Consider a different approach to libxml_disable_entity_loader(true) in init.php
Changed in mahara: | |
milestone: | none → 1.10.0 |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in mahara: | |
assignee: | nobody → Aaron Wells (u-aaronw) |
Changed in mahara: | |
milestone: | 1.10.0 → 1.10.1 |
tags: | added: no-behat-needed |
no longer affects: | mahara/1.8 |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
We've had multiple reports of Mahara interfering with Joomla sites running on the same server also. I bet this PHP bug is the cause of that as well.
https://mahara.org/interaction/forum/topic.php?id=6525&offset=0&limit=10#post27651