From 2a3626faae6e7b4241cf2d002e76317bb3dd796c Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Tue, 18 Feb 2025 08:42:30 +0100
Subject: [PATCH] SimpleDB: Disable XML entity loader

---
 changes.txt | 5 +++--
 plugins/drivers/simpledb.php | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/changes.txt b/changes.txt
index 1d2ac7f3..59fce18a 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,6 +1,7 @@
 Adminer 4.15.0-dev:
-Don't allow path in HTTP servers
-Hide error message from HTTP servers
+HTTP drivers: Don't allow path in server name
+HTTP drivers: Hide connection error message
+SimpleDB: Disable XML entity loader
 
 Adminer 4.14.0:
 Use autofocus HTML attribute
diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php
index b9212b1a..88f5efd9 100644
--- a/plugins/drivers/simpledb.php
+++ b/plugins/drivers/simpledb.php
@@ -436,6 +436,7 @@ if (isset($_GET["simpledb"])) {
 return false;
 }
 libxml_use_internal_errors(true);
+ libxml_disable_entity_loader();
 $xml = simplexml_load_string($file);
 if (!$xml) {
 $error = libxml_get_last_error();
--
2.39.5
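Review bot: The added `libxml_disable_entity_loader();` call in plugins/drivers/simpledb.php is unconditional, but the function is deprecated as of PHP 8.0 and raises a deprecation notice there, so it should be guarded. It also flips a libxml-wide switch that is never restored, so any later libxml use in the same process that loads external resources would be affected. External entity loading is already off by default from libxml 2.9.0, so the call only matters on older builds: `if (LIBXML_VERSION < 20900) { libxml_disable_entity_loader(); }`. Passing `LIBXML_NONET` as the options argument of `simplexml_load_string()` would additionally keep the parser off the network on every version, which is worthwhile if `$file` is, as it appears, the body returned by the remote server. The enclosing function starts and ends outside the hunk, so how `$file` is obtained is not visible here.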