zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-10 16:58:34 +02:00
Code Issues Projects Releases Packages Wiki Activity

XXE vulnerability prevention

Browse source
This commit is contained in:
Pinga 2023-08-09 14:40:36 +03:00
parent 595d8b7b2f
commit 2f9abb2a11
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
epp/epp.php
View file

@ -48,7 +48,11 @@ $server->handle(function (Connection $conn) use ($table, $db) {
$length = unpack('N', substr($data, 0, 4))[1];
$xmlData = substr($data, 4, $length - 4);
$xml = simplexml_load_string($xmlData, 'SimpleXMLElement', LIBXML_DTDLOAD | LIBXML_NOENT);
// If you're using PHP < 8.0
libxml_disable_entity_loader(true);
libxml_use_internal_errors(true);
$xml = simplexml_load_string($xmlData);
$xml->registerXPathNamespace('e', 'urn:ietf:params:xml:ns:epp-1.0');
$xml->registerXPathNamespace('xsi', 'http://www.w3.org/2001/XMLSchema-instance');
$xml->registerXPathNamespace('domain', 'urn:ietf:params:xml:ns:domain-1.0');