From 0a39476561e77e9bcb3786fcc973d4a49af41783 Mon Sep 17 00:00:00 2001 From: Benni Mack <benni@typo3.org> Date: Sat, 2 Jan 2021 21:53:41 +0100 Subject: [PATCH] [BUGFIX] Do not call "libxml_disable_entity_loader" in PHP 8 Because the method (finally) is deprecated in PHP 8, all calls in TYPO3 Core are wrapped in if statements to avoid deprecation warnings. PHP 8 effectively is more secure by default, which is a good thing, but we need to consider this in our code base, which still supports PHP 7 as well. Resolves: #93204 Releases: master, 10.4 Change-Id: I18d7e76e3de5cf48cd4c3cab0d68dea4e518f674 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67329 Tested-by: Georg Ringer <georg.ringer@gmail.com> Tested-by: TYPO3com <noreply@typo3.com> Tested-by: Benjamin Franzke <bfr@qbus.de> Reviewed-by: Georg Ringer <georg.ringer@gmail.com> Reviewed-by: Benjamin Franzke <bfr@qbus.de> --- .../IconProvider/AbstractSvgIconProvider.php | 9 +++++++-- .../Localization/Parser/AbstractXmlParser.php | 9 +++++++-- .../core/Classes/Type/File/ImageInfo.php | 10 +++++++--- .../core/Classes/Utility/GeneralUtility.php | 18 ++++++++++++++---- .../dashboard/Classes/Widgets/RssWidget.php | 9 +++++++-- .../Utility/Parser/ExtensionXmlPushParser.php | 9 +++++++-- .../ScalableVectorGraphicsContentObject.php | 9 +++++++-- .../Recycle/AbstractRecycleTestCase.php | 8 ++++++-- .../TypoScriptReferenceController.php | 9 +++++++-- 9 files changed, 69 insertions(+), 21 deletions(-) diff --git a/typo3/sysext/core/Classes/Imaging/IconProvider/AbstractSvgIconProvider.php b/typo3/sysext/core/Classes/Imaging/IconProvider/AbstractSvgIconProvider.php index b62a5611c32a..86eca9e3f126 100644 --- a/typo3/sysext/core/Classes/Imaging/IconProvider/AbstractSvgIconProvider.php +++ b/typo3/sysext/core/Classes/Imaging/IconProvider/AbstractSvgIconProvider.php 
@@ -53,12 +53,17 @@ abstract class AbstractSvgIconProvider } $svgContent = (string)preg_replace('/<script[\s\S]*?>[\s\S]*?<\/script>/i', '', $svgContent); // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + } $svgElement = simplexml_load_string($svgContent); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } if ($svgElement === false) { return ''; } - libxml_disable_entity_loader($previousValueOfEntityLoader); // remove xml version tag $domXml = dom_import_simplexml($svgElement); diff --git a/typo3/sysext/core/Classes/Localization/Parser/AbstractXmlParser.php b/typo3/sysext/core/Classes/Localization/Parser/AbstractXmlParser.php index ed61e2897440..bfb8accd17cc 100644 --- a/typo3/sysext/core/Classes/Localization/Parser/AbstractXmlParser.php +++ b/typo3/sysext/core/Classes/Localization/Parser/AbstractXmlParser.php @@ -80,9 +80,14 @@ abstract class AbstractXmlParser implements LocalizationParserInterface ); } // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + } $rootXmlNode = simplexml_load_string($xmlContent, \SimpleXMLElement::class, LIBXML_NOWARNING); - libxml_disable_entity_loader($previousValueOfEntityLoader); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } if ($rootXmlNode === false) { $xmlError = libxml_get_last_error(); throw new InvalidXmlFileException( 
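Review bot: The retained comment `// Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept` no longer describes the PHP 8 path in AbstractSvgIconProvider, where nothing is disabled and the parse relies on libxml's default behaviour. The same comment is kept unchanged in AbstractXmlParser, ImageInfo, GeneralUtility (xml2tree and xml2arrayProcess), ExtensionXmlPushParser, ScalableVectorGraphicsContentObject, AbstractRecycleTestCase and TypoScriptReferenceController. I would reword it along the lines of `// PHP < 8: disable the libxml entity loader explicitly. PHP 8 requires libxml >= 2.9.0, which does not load external entities unless LIBXML_NOENT is passed, so never add that flag to this call.` That way a later maintainer who adds parser options knows the XXE protection now depends on them. The enclosing method starts and ends outside the hunk.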
diff --git a/typo3/sysext/core/Classes/Type/File/ImageInfo.php b/typo3/sysext/core/Classes/Type/File/ImageInfo.php index f41c80897441..212b577b5d25 100644 --- a/typo3/sysext/core/Classes/Type/File/ImageInfo.php +++ b/typo3/sysext/core/Classes/Type/File/ImageInfo.php @@ -124,15 +124,19 @@ class ImageInfo extends FileInfo implements LoggerAwareInterface return false; } // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + } $xml = simplexml_load_string($fileContent, \SimpleXMLElement::class, LIBXML_NOERROR | LIBXML_NOWARNING); - + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } // If something went wrong with simpleXml don't try to read information if ($xml === false) { return false; } - libxml_disable_entity_loader($previousValueOfEntityLoader); $xmlAttributes = $xml->attributes(); // First check if width+height are set diff --git a/typo3/sysext/core/Classes/Utility/GeneralUtility.php b/typo3/sysext/core/Classes/Utility/GeneralUtility.php index b682da444da7..44010ae1ee4f 100644 --- a/typo3/sysext/core/Classes/Utility/GeneralUtility.php +++ b/typo3/sysext/core/Classes/Utility/GeneralUtility.php @@ -1256,7 +1256,10 @@ class GeneralUtility public static function xml2tree($string, $depth = 999, $parserOptions = []) { // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + } $parser = xml_parser_create(); $vals = []; $index = []; 
@@ -1266,7 +1269,9 @@ class GeneralUtility xml_parser_set_option($parser, $option, $value); } xml_parse_into_struct($parser, $string, $vals, $index); - libxml_disable_entity_loader($previousValueOfEntityLoader); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } if (xml_get_error_code($parser)) { return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser)); } @@ -1480,7 +1485,10 @@ class GeneralUtility protected static function xml2arrayProcess($string, $NSprefix = '', $reportDocTag = false) { // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + } // Create parser: $parser = xml_parser_create(); $vals = []; @@ -1495,7 +1503,9 @@ class GeneralUtility xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $theCharset); // Parse content: xml_parse_into_struct($parser, $string, $vals, $index); - libxml_disable_entity_loader($previousValueOfEntityLoader); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } // If error, return error message: if (xml_get_error_code($parser)) { return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser)); diff --git a/typo3/sysext/dashboard/Classes/Widgets/RssWidget.php b/typo3/sysext/dashboard/Classes/Widgets/RssWidget.php index 96d53e45ffbc..22d70d507115 100644 --- a/typo3/sysext/dashboard/Classes/Widgets/RssWidget.php +++ b/typo3/sysext/dashboard/Classes/Widgets/RssWidget.php 
@@ -105,9 +105,14 @@ class RssWidget implements WidgetInterface if ($rssContent === false) { throw new \RuntimeException('RSS URL could not be fetched', 1573385431); } - $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + } $rssFeed = simplexml_load_string($rssContent); - libxml_disable_entity_loader($previousValueOfEntityLoader); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } $items = []; foreach ($rssFeed->channel->item as $item) { $items[] = [ diff --git a/typo3/sysext/extensionmanager/Classes/Utility/Parser/ExtensionXmlPushParser.php b/typo3/sysext/extensionmanager/Classes/Utility/Parser/ExtensionXmlPushParser.php index 8565b3a63460..2188aeb8755e 100644 --- a/typo3/sysext/extensionmanager/Classes/Utility/Parser/ExtensionXmlPushParser.php +++ b/typo3/sysext/extensionmanager/Classes/Utility/Parser/ExtensionXmlPushParser.php @@ -67,7 +67,10 @@ class ExtensionXmlPushParser extends AbstractExtensionXmlParser throw new ExtensionManagerException('Unable to create XML parser.', 1342640663); } // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + } // keep original character case of XML document xml_parser_set_option($this->objXml, XML_OPTION_CASE_FOLDING, false); xml_parser_set_option($this->objXml, XML_OPTION_SKIP_WHITE, false); 
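Review bot: The result of `simplexml_load_string($rssContent)` in RssWidget is used in `foreach ($rssFeed->channel->item as $item)` without a `=== false` check, so a feed that is not well-formed XML fails with a property access on `false` instead of a controlled error. The content comes from a fetched URL, so malformed input is an expected case; a guard such as `if ($rssFeed === false) { throw new \RuntimeException('RSS feed could not be parsed', <NEW_EXCEPTION_CODE>); }` directly after the restore would match the existing fetch-failure handling above it. This hunk is also the only one without a comment explaining the entity-loader call, although it parses remote content; a one-line comment stating that external entities must stay disabled and that `LIBXML_NOENT` must not be passed would help. The method starts and ends outside the hunk.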
@@ -82,7 +85,9 @@ class ExtensionXmlPushParser extends AbstractExtensionXmlParser throw new ExtensionManagerException(sprintf('XML error %s in line %u of file resource %s.', xml_error_string(xml_get_error_code($this->objXml)), xml_get_current_line_number($this->objXml), $file), 1342640703); } } - libxml_disable_entity_loader($previousValueOfEntityLoader); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } xml_parser_free($this->objXml); } diff --git a/typo3/sysext/frontend/Classes/ContentObject/ScalableVectorGraphicsContentObject.php b/typo3/sysext/frontend/Classes/ContentObject/ScalableVectorGraphicsContentObject.php index c22b84ef981c..d871d11bf711 100644 --- a/typo3/sysext/frontend/Classes/ContentObject/ScalableVectorGraphicsContentObject.php +++ b/typo3/sysext/frontend/Classes/ContentObject/ScalableVectorGraphicsContentObject.php @@ -55,9 +55,14 @@ class ScalableVectorGraphicsContentObject extends AbstractContentObject $svgContent = (string)file_get_contents($src); $svgContent = preg_replace('/<script[\s\S]*?>[\s\S]*?<\/script>/i', '', $svgContent) ?? ''; // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(); + } $svgElement = simplexml_load_string($svgContent); - libxml_disable_entity_loader($previousValueOfEntityLoader); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } $domXml = dom_import_simplexml($svgElement); if (!$isDefaultWidth) { diff --git a/typo3/sysext/recycler/Tests/Functional/Recycle/AbstractRecycleTestCase.php b/typo3/sysext/recycler/Tests/Functional/Recycle/AbstractRecycleTestCase.php index f70999df0d93..9721c8ed2195 100644 --- a/typo3/sysext/recycler/Tests/Functional/Recycle/AbstractRecycleTestCase.php 
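Review bot: The `throw new ExtensionManagerException(...)` inside the parse loop of ExtensionXmlPushParser leaves the method before the guarded `libxml_disable_entity_loader($previousValueOfEntityLoader)` and `xml_parser_free($this->objXml)` run. On PHP 7 a malformed file therefore leaves the process-wide entity loader setting changed for whatever code runs next, and the parser is not released. Wrapping the parsing section in `try { ... } finally { ... }` and moving the restore and the `xml_parser_free()` call into the `finally` block would restore state on every exit path. The method starts outside this hunk (the disable call is in the previous hunk), so the `try` would open right after that call.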
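Review bot: In ScalableVectorGraphicsContentObject `$svgElement` is passed to `dom_import_simplexml($svgElement)` without checking for `false`, and on PHP 8 a `false` argument to this function should raise a TypeError rather than a warning, so an unparsable SVG file becomes a fatal error on exactly the PHP version this commit targets. AbstractSvgIconProvider in the same commit already guards this with `if ($svgElement === false) { return ''; }`; the same guard fits here after the restore, assuming an empty string is an acceptable result for this method (its return statement is outside the hunk). As a smaller point, `libxml_disable_entity_loader()` is called without an argument here and in TypoScriptReferenceController; it relies on the default of `true`, and writing `libxml_disable_entity_loader(true)` as in the other files makes the intent explicit.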
+++ b/typo3/sysext/recycler/Tests/Functional/Recycle/AbstractRecycleTestCase.php @@ -96,9 +96,13 @@ abstract class AbstractRecycleTestCase extends FunctionalTestCase $data = []; $fileContent = file_get_contents($path); // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(true); + } $xml = simplexml_load_string($fileContent); - libxml_disable_entity_loader($previousValueOfEntityLoader); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } /** @var $table \SimpleXMLElement */ foreach ($xml->children() as $table) { diff --git a/typo3/sysext/t3editor/Classes/Controller/TypoScriptReferenceController.php b/typo3/sysext/t3editor/Classes/Controller/TypoScriptReferenceController.php index 3e5a3664d443..cab03d06fd22 100644 --- a/typo3/sysext/t3editor/Classes/Controller/TypoScriptReferenceController.php +++ b/typo3/sysext/t3editor/Classes/Controller/TypoScriptReferenceController.php @@ -52,10 +52,15 @@ class TypoScriptReferenceController protected function loadFile($filepath) { // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept - $previousValueOfEntityLoader = libxml_disable_entity_loader(); + $previousValueOfEntityLoader = null; + if (PHP_MAJOR_VERSION < 8) { + $previousValueOfEntityLoader = libxml_disable_entity_loader(); + } $this->xmlDoc = new \DOMDocument('1.0', 'utf-8'); $this->xmlDoc->loadXML(file_get_contents($filepath)); - libxml_disable_entity_loader($previousValueOfEntityLoader); + if (PHP_MAJOR_VERSION < 8) { + libxml_disable_entity_loader($previousValueOfEntityLoader); + } // @TODO: oliver@typo3.org: I guess this is not required here $this->xmlDoc->saveXML(); } -- GitLab
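Review bot: AbstractRecycleTestCase is the only file in this commit that does not add `$previousValueOfEntityLoader = null;` before the first `if (PHP_MAJOR_VERSION < 8)` block, so on PHP 8 the variable is never defined. It works because the second use sits behind the same condition, but static analysis is likely to report a possibly undefined variable, and the file no longer matches the pattern used in the other eight. Adding the initialisation line keeps the nine call sites identical. The method starts and ends outside the hunk.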
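Review bot: In `loadFile()` of TypoScriptReferenceController the return values of `file_get_contents($filepath)` and `$this->xmlDoc->loadXML(...)` are both ignored. If the file cannot be read, `false` is passed on as the XML source, and as far as I can tell PHP 8 raises a ValueError for an empty source where PHP 7 only emitted a warning. A check such as `$content = file_get_contents($filepath); if ($content === false || $content === '') { ... }` before `loadXML($content)` would make the failure explicit; what the method should do in that case is not visible in this hunk.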