dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Special:PageLanguage: Show log extract only when title known
[lhc/web/wiklou.git] / includes / Xml.php
diff --git a/includes/Xml.php b/includes/Xml.php
index 78b8715..f0bd70b 100644 (file)
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -703,13 +703,15 @@ class Xml {
        /**
         * Check if a string is well-formed XML.
         * Must include the surrounding tag.
+        * This function is a DoS vector if an attacker can define
+        * entities in $text.
         *
         * @param string $text String to test.
         * @return bool
         *
         * @todo Error position reporting return
         */
-       public static function isWellFormed( $text ) {
+       private static function isWellFormed( $text ) {
                $parser = xml_parser_create( "UTF-8" );
 
                # case folding violates XML standard, turn it off
Wiklou, le Wiki du Wiklou