Closed doc75 closed 3 years ago
Thanks, it should be fixed with version 8.11
@tontof thanks, warning is gone with PHP 8. As far as i understand your fix, it means that the security fix used for version 7 of PHP and below is not activated when using PHP 8. Is this a problem ?
From https://www.php.net/manual/en/function.libxml-disable-entity-loader.php#125661 it should not be a problem:
"In PHP 8.0 and later, PHP uses libxml versions from 2.9.0, libxml_disable_entity_loader is deprecated.
so it is now safe to remove all libxml_disable_entity_loader
calls on php8"
From the doc: "However, as of libxml 2.9.0 entity substitution is disabled by default"
Issue solved in 8.11
I just run kriss_feed 8.10 on PHP 8.0 and the latest security fixes are generating a warning message during feed update:
According to this article, it is better to use
libxml_set_external_entity_loader()
to disable external loaders.I prefer not to push a PR, as I do not understand exactly how to use the recommended API. If you need me to test the fix, no probelm, just let me know, I'll be more than happy to help.