From 952dc6921acb275de74dd33be2ecb01986bfdd49 Mon Sep 17 00:00:00 2001 From: msquare Date: Thu, 14 Dec 2017 14:56:29 +0100 Subject: undo of fix #382: XXE DoS in engelsystem - the feature is actually needed for xcal files --- includes/pages/admin_import.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'includes') diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 4faca183..4b0f35de 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -80,7 +80,6 @@ function admin_import() if (isset($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) { if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) { libxml_use_internal_errors(true); - libxml_disable_entity_loader(true); if (simplexml_load_file($import_file) === false) { $valid = false; error(_('No valid xml/xcal file provided.')); @@ -425,7 +424,6 @@ function read_xml($file) global $xml_import; if (!isset($xml_import)) { libxml_use_internal_errors(true); - libxml_disable_entity_loader(true); $xml_import = simplexml_load_file($file); } return $xml_import; -- cgit v1.2.3-70-g09d2