Disable loading of external XML entities when loading XML
Fixes CVE-2011-4107

committed by
Marc Delisle

parent
e3d3ef7af2
commit
5fa86b8e81
@@ -61,6 +61,13 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) {
|
|||||||
|
|
||||||
unset($data);
|
unset($data);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Disable loading of external XML entities.
|
||||||
|
*/
|
||||||
|
if (function_exists('libxml_disable_entity_loader')) {
|
||||||
|
libxml_disable_entity_loader();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Load the XML string
|
* Load the XML string
|
||||||
*
|
*
|
||||||
|
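Review bot: When `libxml_disable_entity_loader` is unavailable, the `function_exists` guard added after `unset($data);` is skipped silently, and the XML load that follows (outside this hunk) still runs with external entity loading enabled, so on such PHP builds the CVE-2011-4107 fix is a no-op. Consider failing the import in an `else` branch, or rejecting input that contains a `<!DOCTYPE` declaration before it is parsed. Where the function does exist, the setting is global to libxml rather than scoped to this import, and the previous value it returns is discarded; `$prev = libxml_disable_entity_loader(true);` before the load and `libxml_disable_entity_loader($prev);` after it would make the intent explicit and leave other libxml users in the same process unaffected. The identical block is added in the hunk at `@@ -56,6 +56,13 @@`, and the same points apply there.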
@@ -56,6 +56,13 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) {
|
|||||||
|
|
||||||
unset($data);
|
unset($data);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Disable loading of external XML entities.
|
||||||
|
*/
|
||||||
|
if (function_exists('libxml_disable_entity_loader')) {
|
||||||
|
libxml_disable_entity_loader();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Load the XML string
|
* Load the XML string
|
||||||
*
|
*
|
||||||
@@ -141,19 +148,19 @@ if (isset($namespaces['pma'])) {
|
|||||||
* Get structures for all tables
|
* Get structures for all tables
|
||||||
*/
|
*/
|
||||||
$struct = $xml->children($namespaces['pma']);
|
$struct = $xml->children($namespaces['pma']);
|
||||||
|
|
||||||
$create = array();
|
$create = array();
|
||||||
|
|
||||||
foreach ($struct as $tier1 => $val1) {
|
foreach ($struct as $tier1 => $val1) {
|
||||||
foreach($val1 as $tier2 => $val2) {
|
foreach($val1 as $tier2 => $val2) {
|
||||||
/* Need to select the correct database for the creation of tables, views, triggers, etc. */
|
/* Need to select the correct database for the creation of tables, views, triggers, etc. */
|
||||||
/**
|
/**
|
||||||
* @todo Generating a USE here blocks importing of a table
|
* @todo Generating a USE here blocks importing of a table
|
||||||
* into another database.
|
* into another database.
|
||||||
*/
|
*/
|
||||||
$attrs = $val2->attributes();
|
$attrs = $val2->attributes();
|
||||||
$create[] = "USE " . PMA_backquote($attrs["name"]);
|
$create[] = "USE " . PMA_backquote($attrs["name"]);
|
||||||
|
|
||||||
foreach ($val2 as $val3) {
|
foreach ($val2 as $val3) {
|
||||||
/**
|
/**
|
||||||
* Remove the extra cosmetic spacing
|
* Remove the extra cosmetic spacing
|
||||||
@@ -163,7 +170,7 @@ if (isset($namespaces['pma'])) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$struct_present = true;
|
$struct_present = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -179,13 +186,13 @@ $data_present = false;
|
|||||||
*/
|
*/
|
||||||
if (@count($xml->children())) {
|
if (@count($xml->children())) {
|
||||||
$data_present = true;
|
$data_present = true;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Process all database content
|
* Process all database content
|
||||||
*/
|
*/
|
||||||
foreach ($xml as $k1 => $v1) {
|
foreach ($xml as $k1 => $v1) {
|
||||||
$tbl_attr = $v1->attributes();
|
$tbl_attr = $v1->attributes();
|
||||||
|
|
||||||
$isInTables = false;
|
$isInTables = false;
|
||||||
for ($i = 0; $i < count($tables); ++$i) {
|
for ($i = 0; $i < count($tables); ++$i) {
|
||||||
if (! strcmp($tables[$i][TBL_NAME], (string)$tbl_attr['name'])) {
|
if (! strcmp($tables[$i][TBL_NAME], (string)$tbl_attr['name'])) {
|
||||||
@@ -193,11 +200,11 @@ if (@count($xml->children())) {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($isInTables == false) {
|
if ($isInTables == false) {
|
||||||
$tables[] = array((string)$tbl_attr['name']);
|
$tables[] = array((string)$tbl_attr['name']);
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($v1 as $k2 => $v2) {
|
foreach ($v1 as $k2 => $v2) {
|
||||||
$row_attr = $v2->attributes();
|
$row_attr = $v2->attributes();
|
||||||
if (! array_search((string)$row_attr['name'], $tempRow))
|
if (! array_search((string)$row_attr['name'], $tempRow))
|
||||||
@@ -206,17 +213,17 @@ if (@count($xml->children())) {
|
|||||||
}
|
}
|
||||||
$tempCells[] = (string)$v2;
|
$tempCells[] = (string)$v2;
|
||||||
}
|
}
|
||||||
|
|
||||||
$rows[] = array((string)$tbl_attr['name'], $tempRow, $tempCells);
|
$rows[] = array((string)$tbl_attr['name'], $tempRow, $tempCells);
|
||||||
|
|
||||||
$tempRow = array();
|
$tempRow = array();
|
||||||
$tempCells = array();
|
$tempCells = array();
|
||||||
}
|
}
|
||||||
|
|
||||||
unset($tempRow);
|
unset($tempRow);
|
||||||
unset($tempCells);
|
unset($tempCells);
|
||||||
unset($xml);
|
unset($xml);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Bring accumulated rows into the corresponding table
|
* Bring accumulated rows into the corresponding table
|
||||||
*/
|
*/
|
||||||
@@ -227,17 +234,17 @@ if (@count($xml->children())) {
|
|||||||
if (! isset($tables[$i][COL_NAMES])) {
|
if (! isset($tables[$i][COL_NAMES])) {
|
||||||
$tables[$i][] = $rows[$j][COL_NAMES];
|
$tables[$i][] = $rows[$j][COL_NAMES];
|
||||||
}
|
}
|
||||||
|
|
||||||
$tables[$i][ROWS][] = $rows[$j][ROWS];
|
$tables[$i][ROWS][] = $rows[$j][ROWS];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
unset($rows);
|
unset($rows);
|
||||||
|
|
||||||
if (! $struct_present) {
|
if (! $struct_present) {
|
||||||
$analyses = array();
|
$analyses = array();
|
||||||
|
|
||||||
$len = count($tables);
|
$len = count($tables);
|
||||||
for ($i = 0; $i < $len; ++$i) {
|
for ($i = 0; $i < $len; ++$i) {
|
||||||
$analyses[] = PMA_analyzeTable($tables[$i]);
|
$analyses[] = PMA_analyzeTable($tables[$i]);
|
||||||
@@ -289,7 +296,7 @@ if (strlen($db)) {
|
|||||||
if ($db_name === NULL) {
|
if ($db_name === NULL) {
|
||||||
$db_name = 'XML_DB';
|
$db_name = 'XML_DB';
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Set database collation/charset */
|
/* Set database collation/charset */
|
||||||
$options = array(
|
$options = array(
|
||||||
'db_collation' => $collation,
|
'db_collation' => $collation,
|
||||||
|