SimpleDB: Disable XML entity loader

author Jakub Vrana <jakub@vrana.cz>

Tue, 18 Feb 2025 07:42:30 +0000 (08:42 +0100)

committer Jakub Vrana <jakub@vrana.cz>

Wed, 19 Feb 2025 10:16:45 +0000 (11:16 +0100)
author Jakub Vrana <jakub@vrana.cz>
Tue, 18 Feb 2025 07:42:30 +0000 (08:42 +0100)
committer Jakub Vrana <jakub@vrana.cz>
Wed, 19 Feb 2025 10:16:45 +0000 (11:16 +0100)
diff --git a/changes.txt b/changes.txt

index 1d2ac7f34cb4868663492bffcdf71b0d0ccbe185..59fce18a1ba1cb2018cf1fd0291d4a73864681f1 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,6 +1,7 @@
  Adminer 4.15.0-dev:
-Don't allow path in HTTP servers
-Hide error message from HTTP servers
+HTTP drivers: Don't allow path in server name
+HTTP drivers: Hide connection error message
+SimpleDB: Disable XML entity loader
  
  Adminer 4.14.0:
  Use autofocus HTML attribute
diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php

index b9212b1ae44900cec5117b9bd078fa781ee6347e..88f5efd90d6b427a85ef6e70cff4be5219c25686 100644 (file)
--- a/plugins/drivers/simpledb.php
+++ b/plugins/drivers/simpledb.php
@@ -436,6 +436,7 @@ if (isset($_GET["simpledb"])) {
                         return false;
                 }
                 libxml_use_internal_errors(true);
+               libxml_disable_entity_loader();
                 $xml = simplexml_load_string($file);
                 if (!$xml) {
                         $error = libxml_get_last_error();
author	Jakub Vrana <jakub@vrana.cz>
	Tue, 18 Feb 2025 07:42:30 +0000 (08:42 +0100)
committer	Jakub Vrana <jakub@vrana.cz>
	Wed, 19 Feb 2025 10:16:45 +0000 (11:16 +0100)
changes.txt		patch \| blob \| history
plugins/drivers/simpledb.php		patch \| blob \| history