XliffLoader depends on state of libxml_disable_entity_loader

[drola]

Q	A
Bundle version	1.5.x
Symfony version	3.4.x
PHP version	7.3, 7.4

Expected behavior

libxml_disable_entity_loader(true);
$l = new  JMS\TranslationBundle\Translation\Loader\Symfony\XliffLoader();
$l->load('/code/vendor/symfony/symfony/src/Symfony/Component/Validator/Resources/translations/validators.sv.xlf', 'sv');

//Should not throw an exception

Actual behavior

libxml_disable_entity_loader(true);
$l = new  JMS\TranslationBundle\Translation\Loader\Symfony\XliffLoader();
$l->load('/code/vendor/symfony/symfony/src/Symfony/Component/Validator/Resources/translations/validators.sv.xlf', 'sv');

// Throws JMS\TranslationBundle\Exception\RuntimeException: An error occurred while reading "/code/vendor/symfony/symfony/src/Symfony/Component/Validator/Resources/translations/validators.sv.xlf": failed to load external entity "/code/vendor/symfony/symfony/src/Symfony/Component/Validator/Resources/translations/validators.sv.xlf"

Suggested solution

Load Xliff files using simplexml_load_string(file_get_contents($pathToXml)) instead of simplexml_load_file($pathToXml).

Context

Translations where failing to load in an app where I also use https://github.com/PHPOffice/PhpSpreadsheet . This package (and possibly other code) change value of libxml_disable_entity_loader. Side effect of that is breakage of simplexml_load_file().

XliffFileLoader in Symfony uses XmlUtils::loadFile(...) which also uses file_get_contents() before using an XML parser. See https://github.com/symfony/symfony/blob/v3.4.40/src/Symfony/Component/Config/Util/XmlUtils.php

[goetas]

Can you check https://github.com/schmittjoh/JMSTranslationBundle/pull/543 ?

[goetas]

closed by https://github.com/schmittjoh/JMSTranslationBundle/pull/543