tontof / kriss_feed

A simple and smart (or stupid) feed reader

PHP 8.0: libxml_disable_entity_loader is deprecated #424

Closed doc75 closed 3 years ago

doc75 commented 3 years ago

I just ran kriss_feed 8.10 on PHP 8.0 and the latest security fixes are generating a warning message during feed update:

Deprecated: Function libxml_disable_entity_loader() is deprecated in /var/www/html/index.php on line 4887

Deprecated: Function libxml_disable_entity_loader() is deprecated in /var/www/html/index.php on line 4892

According to this article, it is better to use libxml_set_external_entity_loader() to disable external loaders.

I prefer not to push a PR, as I do not understand exactly how to use the recommended API. If you need me to test the fix, no problem, just let me know, I'll be more than happy to help.

tontof commented 3 years ago

Thanks, it should be fixed with version 8.11

doc75 commented 3 years ago

@tontof thanks, warning is gone with PHP 8. As far as I understand your fix, it means that the security fix used for version 7 of PHP and below is not activated when using PHP 8. Is this a problem?

tontof commented 3 years ago

From https://www.php.net/manual/en/function.libxml-disable-entity-loader.php#125661 it should not be a problem: "In PHP 8.0 and later, PHP uses libxml versions from 2.9.0, libxml_disable_entity_loader is deprecated. so it is now safe to remove all libxml_disable_entity_loader calls on php8"

tontof commented 3 years ago

From the doc: "However, as of libxml 2.9.0 entity substitution is disabled by default"

doc75 commented 3 years ago

Issue solved in 8.11
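
An added illustration of the version guard discussed in this thread, not code from kriss_feed or its 8.11 fix: the deprecated call is kept only for PHP below 8.0, and on PHP 8 a deny-all resolver is registered through `libxml_set_external_entity_loader()` instead. The helper name `parse_untrusted_xml()` and the sample feed are assumptions made for the example.

```php
<?php
// Added example, not kriss_feed code. parse_untrusted_xml() is a hypothetical helper.
function parse_untrusted_xml(string $xml): ?DOMDocument
{
    $legacy = PHP_VERSION_ID < 80000;
    $previous = null;
    if ($legacy) {
        // PHP 7 and below may be linked against libxml < 2.9.0: disable the loader explicitly.
        $previous = libxml_disable_entity_loader(true);
    } else {
        // PHP 8: the call above is deprecated; refuse every external entity instead.
        libxml_set_external_entity_loader(static function () {
            return null;
        });
    }
    $useErrors = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // No LIBXML_NOENT and no LIBXML_DTDLOAD: entities are not substituted and
        // no external DTD is fetched. LIBXML_NONET additionally blocks network access.
        $ok = $doc->loadXML($xml, LIBXML_NONET);
        return $ok ? $doc : null;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($useErrors);
        if ($legacy) {
            // Restore the previous setting so file-based loads elsewhere keep working.
            libxml_disable_entity_loader($previous);
        }
    }
}

// Constructed sample feed: declares an external entity and references it in <title>.
$feed = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE rss [ <!ENTITY ext SYSTEM "file:///constructed/example.txt"> ]>
<rss version="2.0"><channel><title>&ext;</title></channel></rss>
XML;

$doc = parse_untrusted_xml($feed);
$title = $doc ? $doc->getElementsByTagName('title')->item(0) : null;
// Report whether the entity stayed an unexpanded reference node.
echo $title && $title->firstChild instanceof DOMEntityReference
    ? "external entity left unexpanded\n"
    : "entity was substituted or parse failed\n";
```

The safe default only holds while the parser is called without `LIBXML_NOENT`; passing that flag re-enables entity substitution regardless of the PHP version.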