WordPress 4.3
[autoinstalls/wordpress.git] / wp-includes / ID3 / getid3.lib.php
index 0c92e060c3559e760a7884651a2ef3e33168c0e2..76e2854a35d7b3138dccc2e7f1b9ea8d951c2f9a 100644 (file)
@@ -519,11 +519,13 @@ class getid3_lib
        }
 
        public static function XML2array($XMLstring) {
-               if ( function_exists( 'simplexml_load_string' ) && function_exists( 'libxml_disable_entity_loader' ) ) {
-                       $loader = libxml_disable_entity_loader( true );
-                       $XMLobject = simplexml_load_string( $XMLstring, 'SimpleXMLElement', LIBXML_NOENT );
-                       $return = self::SimpleXMLelement2array( $XMLobject );
-                       libxml_disable_entity_loader( $loader );
+               if (function_exists('simplexml_load_string') && function_exists('libxml_disable_entity_loader')) {
+                       // http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
+                       // https://core.trac.wordpress.org/changeset/29378
+                       $loader = libxml_disable_entity_loader(true);
+                       $XMLobject = simplexml_load_string($XMLstring, 'SimpleXMLElement', LIBXML_NOENT);
+                       $return = self::SimpleXMLelement2array($XMLobject);
+                       libxml_disable_entity_loader($loader);
                        return $return;
                }
                return false;
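Review bot: `LIBXML_NOENT` on the `simplexml_load_string()` call asks libxml to substitute entities, so the XXE protection described by the two newly linked references depends entirely on `libxml_disable_entity_loader(true)`. Because the XML comes from tag data inside media files, passing `0` instead of `LIBXML_NOENT` would be worthwhile defence in depth, and it matters more on PHP 8.0 and later, where `libxml_disable_entity_loader()` is deprecated. The return value of `simplexml_load_string()` is `false` for malformed XML and is handed to `SimpleXMLelement2array()` unchecked; that helper is outside this hunk, so whether it tolerates `false` cannot be confirmed from here. I would also put a comment above the toggle, for example `// libxml entity loading is a global switch: always restore the previous value before returning`. The closing brace of `XML2array` lies past the end of the hunk.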
@@ -1163,6 +1165,8 @@ class getid3_lib
                                fwrite($tmp, $imgData);
                                fclose($tmp);
                                $GetDataImageSize = @getimagesize($tempfilename, $imageinfo);
+                               $GetDataImageSize['height'] = $GetDataImageSize[0];
+                               $GetDataImageSize['width']  = $GetDataImageSize[1];
                        }
                        unlink($tempfilename);
                }
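Review bot: The two added assignments are swapped, because `getimagesize()` returns the width at index 0 and the height at index 1, so `'height'` receives the width and `'width'` the height. They also run when the `@getimagesize()` call has failed and returned `false`; writing a key into that value turns it into an array holding two nulls, so a later failure check on `$GetDataImageSize` would presumably no longer fire for a corrupt or hostile embedded image. Guarding and reordering fixes both: `if (is_array($GetDataImageSize)) {` followed by `$GetDataImageSize['width'] = $GetDataImageSize[0];` and `$GetDataImageSize['height'] = $GetDataImageSize[1];`. The enclosing function begins and ends outside this hunk, so how the return value is consumed is not visible here.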
@@ -1373,4 +1377,4 @@ class getid3_lib
                return substr(basename('X'.$splited[count($splited) - 1], $suffix), 1);
        }
 
-}
\ No newline at end of file
+}