From: Jakub Vrana <jakub@vrana.cz>
Date: Tue, 18 Feb 2025 07:42:30 +0000 (+0100)
Subject: SimpleDB: Disable XML entity loader
X-Git-Tag: v4.16.0~36
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=2a3626faae6e7b4241cf2d002e76317bb3dd796c;p=adminer.git

SimpleDB: Disable XML entity loader
---

diff --git a/changes.txt b/changes.txt
index 1d2ac7f3..59fce18a 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,6 +1,7 @@
 Adminer 4.15.0-dev:
-Don't allow path in HTTP servers
-Hide error message from HTTP servers
+HTTP drivers: Don't allow path in server name
+HTTP drivers: Hide connection error message
+SimpleDB: Disable XML entity loader
 
 Adminer 4.14.0:
 Use autofocus HTML attribute
diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php
index b9212b1a..88f5efd9 100644
--- a/plugins/drivers/simpledb.php
+++ b/plugins/drivers/simpledb.php
@@ -436,6 +436,7 @@ if (isset($_GET["simpledb"])) {
 			return false;
 		}
 		libxml_use_internal_errors(true);
+		libxml_disable_entity_loader();
 		$xml = simplexml_load_string($file);
 		if (!$xml) {
 			$error = libxml_get_last_error();