Diffstat (limited to 'php-openid-2.2.2-cve-2013-4701.patch')
-rw-r--r--php-openid-2.2.2-cve-2013-4701.patch17
1 files changed, 17 insertions, 0 deletions
diff --git a/php-openid-2.2.2-cve-2013-4701.patch b/php-openid-2.2.2-cve-2013-4701.patch
new file mode 100644
index 0000000..8529d1b
--- /dev/null
+++ b/php-openid-2.2.2-cve-2013-4701.patch
@@ -0,0 +1,17 @@
+diff -Nur php-openid-2.2.2.orig/Auth/Yadis/XML.php php-openid-2.2.2/Auth/Yadis/XML.php
+--- php-openid-2.2.2.orig/Auth/Yadis/XML.php 2011-01-19 15:25:39.000000000 -0700
++++ php-openid-2.2.2/Auth/Yadis/XML.php 2013-08-23 21:39:13.818386179 -0600
+@@ -235,6 +235,13 @@
+ }
+
+ if (!@$this->doc->loadXML($xml_string)) {
++ // disable external entities and libxml errors
++ $loader = libxml_disable_entity_loader(true);
++ $errors = libxml_use_internal_errors(true);
++ $parse_result = @$this->doc->loadXML($xml_string);
++ libxml_disable_entity_loader($loader);
++ libxml_use_internal_errors($errors);
++ if (!$parse_result) {
+ return false;
+ }
+
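Review bot: The inner hunk keeps `if (!@$this->doc->loadXML($xml_string)) {` as a context line instead of removing it, so as shown the patched XML.php would still parse `$xml_string` once before `libxml_disable_entity_loader(true)` runs, and the added `if (!$parse_result) {` opens a second block that nothing in the hunk closes. The header counts `-235,6 +235,13` match seven additions and no removal, so this does not look like a rendering artefact, though whitespace on this page may be collapsed. The original line should carry a `-` marker and the inner header become `@@ -235,6 +235,12 @@`, leaving only the guarded call. A comment would also help, noting that `libxml_disable_entity_loader()` changes process-wide state and is deprecated from PHP 8.0, so the fix is tied to the PHP/libxml versions this package targets. The enclosing method starts and ends outside the hunk.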