Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(apps): Fix loading info.xml file #39490

Merged
merged 1 commit into from
Jul 20, 2023
Merged

fix(apps): Fix loading info.xml file #39490

merged 1 commit into from
Jul 20, 2023

Conversation

nickvergessen
Copy link
Member

Ref: https://bugs.php.net/bug.php?id=62577

Bildschirmfoto vom 2023-07-12 09-25-46

Checklist

@nickvergessen
fix(apps): Fix loading info.xml file
2014e7b 
Ref: https://bugs.php.net/bug.php?id=62577

Signed-off-by: Joas Schilling <coding@schilljs.com>
@nickvergessen nickvergessen added the 3. to review Waiting for reviews label Jul 20, 2023
@nickvergessen nickvergessen added this to the Nextcloud 28 milestone Jul 20, 2023
@nickvergessen nickvergessen self-assigned this Jul 20, 2023
This was referenced Jul 20, 2023
Merged
Merged
Merged
Merged
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 20, 2023
View reviewed changes
lib/private/App/InfoParser.php
@@ -63,10 +63,10 @@
libxml_use_internal_errors(true);
if ((PHP_VERSION_ID < 80000)) {
$loadEntities = libxml_disable_entity_loader(false);
$xml = simplexml_load_file($file);
$xml = simplexml_load_string(file_get_contents($file));

Check failure

Code scanning / Psalm

TaintedFile Error

Detected tainted file handling
lib/private/App/InfoParser.php
libxml_disable_entity_loader($loadEntities);
} else {
$xml = simplexml_load_file($file);
$xml = simplexml_load_string(file_get_contents($file));

Check failure

Code scanning / Psalm

TaintedFile Error

Detected tainted file handling
This was referenced Jul 20, 2023
Merged
Merged
Merged
Merged
@blizzz blizzz added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Jul 20, 2023
@nickvergessen nickvergessen merged commit a4dd35e into master Jul 20, 2023
37 of 38 checks passed
@nickvergessen nickvergessen deleted the bugfix/noid/fix-loading-infoxml branch July 20, 2023 10:08
hoellen added a commit to hoellen/docker-nextcloud that referenced this pull request Jul 25, 2023
@hoellen
fix: disable snuffleupagus xxe protection
2d3fd8f 
Nextcloud now prevents loading external entities by using libxml_set_external_entity_loader.

ref:
nextcloud/server#39490
#42
@hoellen hoellen mentioned this pull request Jul 25, 2023
Closed
hoellen added a commit to hoellen/docker-nextcloud that referenced this pull request Jul 26, 2023
@hoellen
fix: disable snuffleupagus xxe protection
3df8828 
Nextcloud now prevents loading external entities by using libxml_set_external_entity_loader.

ref:
nextcloud/server#39490
#42
hoellen added a commit to hoellen/docker-nextcloud that referenced this pull request Jul 26, 2023
@hoellen
fix: disable snuffleupagus xxe protection
ad6682a 
Nextcloud now prevents loading external entities by using libxml_set_external_entity_loader.

ref:
nextcloud/server#39490
#42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcelklehr marcelklehr marcelklehr approved these changes

@blizzz blizzz blizzz approved these changes

@come-nc come-nc come-nc approved these changes

Assignees

@nickvergessen nickvergessen

Labels
4. to release Ready to be released and/or waiting for tests to finish
Projects
None yet
Milestone
Nextcloud 28
Development

Successfully merging this pull request may close these issues.
4 participants
@nickvergessen @marcelklehr @blizzz @come-nc