From 07ec574a5431e23804a9986a2b3bb38f8ae404fa Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Wed, 12 Aug 2020 15:25:03 +0000 Subject: [PATCH] Code Modernization: Only call `libxml_disable_entity_loader()` in PHP < 8. This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is disabled by default, so this function is no longer needed to protect against XXE attacks. Props jrf. Fixes #50898. Built from https://develop.svn.wordpress.org/trunk@48789 git-svn-id: http://core.svn.wordpress.org/trunk@48551 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/class-wp-oembed.php | 14 ++++++++++++-- wp-includes/version.php | 2 +- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/wp-includes/class-wp-oembed.php b/wp-includes/class-wp-oembed.php index 1c10f44489..881de68103 100644 --- a/wp-includes/class-wp-oembed.php +++ b/wp-includes/class-wp-oembed.php @@ -597,13 +597,23 @@ class WP_oEmbed { return false; } - $loader = libxml_disable_entity_loader( true ); + if ( PHP_VERSION_ID < 80000 ) { + // This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading + // is disabled by default, so this function is no longer needed to protect against XXE attacks. + // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated + $loader = libxml_disable_entity_loader( true ); + } + $errors = libxml_use_internal_errors( true ); $return = $this->_parse_xml_body( $response_body ); libxml_use_internal_errors( $errors ); - libxml_disable_entity_loader( $loader ); + + if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) { + // phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated + libxml_disable_entity_loader( $loader ); + } return $return; } diff --git a/wp-includes/version.php b/wp-includes/version.php index 83b6f66802..a3dff7a56d 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.6-alpha-48788'; +$wp_version = '5.6-alpha-48789'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.