diff --git a/Documentation.html b/Documentation.html
index c8afb3340..41e42aafc 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -82,6 +82,9 @@ vim: expandtab ts=4 sw=4 sts=4 tw=78
To support BLOB streaming, see PHP and MySQL requirements
in
FAQ 6.25.
+ To support XML and Open Document Spreadsheet importing,
+ you need PHP 5.2.17 or newer and the
+ libxml extension.
MySQL 5.0 or newer (details);
diff --git a/libraries/import/ods.php b/libraries/import/ods.php
index d50bee99d..cd48f68d5 100644
--- a/libraries/import/ods.php
+++ b/libraries/import/ods.php
@@ -13,6 +13,13 @@ if (! defined('PHPMYADMIN')) {
exit;
}
+/**
+ * We need way to disable external XML entities processing.
+ */
+if (!function_exists('libxml_disable_entity_loader')) {
+ return;
+}
+
/**
* The possible scopes for $plugin_param are: 'table', 'database', and 'server'
*/
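Review bot: The early `return;` in this guard fails closed but silently, and the comment above it does not say that this is deliberate. The `$plugin_param` block that follows suggests the plugin registration comes after this point (it lies outside the hunk), so on a PHP build without `libxml_disable_entity_loader()` the ODS format would presumably just disappear from the import list with no hint why. I would reword the comment to state the reason, for example `/* Without libxml_disable_entity_loader() external entities cannot be blocked, so this import plugin is deliberately not registered. */`. The same guard and comment are added at the top of libraries/import/xml.php.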
@@ -60,6 +67,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) {
unset($data);
+/**
+ * Disable loading of external XML entities.
+ */
+libxml_disable_entity_loader();
+
/**
* Load the XML string
*
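Review bot: `libxml_disable_entity_loader();` relies on the default argument and changes a libxml setting that is not scoped to this script, and nothing visible in the hunk restores it. Passing the value explicitly and keeping the previous state makes the intent auditable: `$old_loader_state = libxml_disable_entity_loader(true);`, then `libxml_disable_entity_loader($old_loader_state);` once the document has been parsed. The load call itself is below the hunk, so it is worth confirming there that no option such as `LIBXML_NOENT` is passed, since that would re-enable entity substitution for the uploaded file. The identical call is added before the XML load in libraries/import/xml.php.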
diff --git a/libraries/import/xml.php b/libraries/import/xml.php
index 36af78883..0afbd15ae 100644
--- a/libraries/import/xml.php
+++ b/libraries/import/xml.php
@@ -12,6 +12,13 @@ if (! defined('PHPMYADMIN')) {
exit;
}
+/**
+ * We need way to disable external XML entities processing.
+ */
+if (!function_exists('libxml_disable_entity_loader')) {
+ return;
+}
+
/**
* The possible scopes for $plugin_param are: 'table', 'database', and 'server'
*/
@@ -53,6 +60,11 @@ while (! ($finished && $i >= $len) && ! $error && ! $timeout_passed) {
unset($data);
+/**
+ * Disable loading of external XML entities.
+ */
+libxml_disable_entity_loader();
+
/**
* Load the XML string
*
@@ -138,19 +150,19 @@ if (isset($namespaces['pma'])) {
* Get structures for all tables
*/
$struct = $xml->children($namespaces['pma']);
-
+
$create = array();
-
+
foreach ($struct as $tier1 => $val1) {
foreach($val1 as $tier2 => $val2) {
/* Need to select the correct database for the creation of tables, views, triggers, etc. */
/**
- * @todo Generating a USE here blocks importing of a table
- * into another database.
+ * @todo Generating a USE here blocks importing of a table
+ * into another database.
*/
$attrs = $val2->attributes();
$create[] = "USE " . PMA_backquote($attrs["name"]);
-
+
foreach ($val2 as $val3) {
/**
* Remove the extra cosmetic spacing
@@ -160,7 +172,7 @@ if (isset($namespaces['pma'])) {
}
}
}
-
+
$struct_present = true;
}
@@ -176,13 +188,13 @@ $data_present = false;
*/
if (@count($xml->children())) {
$data_present = true;
-
+
/**
* Process all database content
*/
foreach ($xml as $k1 => $v1) {
$tbl_attr = $v1->attributes();
-
+
$isInTables = false;
for ($i = 0; $i < count($tables); ++$i) {
if (! strcmp($tables[$i][TBL_NAME], (string)$tbl_attr['name'])) {
@@ -190,11 +202,11 @@ if (@count($xml->children())) {
break;
}
}
-
+
if ($isInTables == false) {
$tables[] = array((string)$tbl_attr['name']);
}
-
+
foreach ($v1 as $k2 => $v2) {
$row_attr = $v2->attributes();
if (! array_search((string)$row_attr['name'], $tempRow))
@@ -203,17 +215,17 @@ if (@count($xml->children())) {
}
$tempCells[] = (string)$v2;
}
-
+
$rows[] = array((string)$tbl_attr['name'], $tempRow, $tempCells);
-
+
$tempRow = array();
$tempCells = array();
}
-
+
unset($tempRow);
unset($tempCells);
unset($xml);
-
+
/**
* Bring accumulated rows into the corresponding table
*/
@@ -224,17 +236,17 @@ if (@count($xml->children())) {
if (! isset($tables[$i][COL_NAMES])) {
$tables[$i][] = $rows[$j][COL_NAMES];
}
-
+
$tables[$i][ROWS][] = $rows[$j][ROWS];
}
}
}
-
+
unset($rows);
-
+
if (! $struct_present) {
$analyses = array();
-
+
$len = count($tables);
for ($i = 0; $i < $len; ++$i) {
$analyses[] = PMA_analyzeTable($tables[$i]);
@@ -286,7 +298,7 @@ if (strlen($db)) {
if ($db_name === NULL) {
$db_name = 'XML_DB';
}
-
+
/* Set database collation/charset */
$options = array(
'db_collation' => $collation,