
Commit feca344

authored
Merge pull request #39491 from nextcloud/backport/39490/stable27
[stable27] fix(apps): Fix loading info.xml file
2 parents 04d19fb + 2274977 commit feca344

3 files changed

Lines changed: 10 additions & 5 deletions


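--- a/lib/base.php
+++ b/lib/base.php
@@ -588,6 +588,11 @@ private static function performSameSiteCookieProtection(\OCP\IConfig $config): v
 }
 
 public static function init(): void {
+// prevent any XML processing from loading external entities
+libxml_set_external_entity_loader(static function () {
+return null;
+});
+
 // calculate the root directories
 OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4));
 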
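Review bot: The comment above the new `libxml_set_external_entity_loader()` call in `init()` should state that the null-returning loader is process-wide and appears to make path-based XML loading fail as well, which is presumably why this same commit moves `info.xml` parsing to `simplexml_load_string(file_get_contents(...))`. I would extend it to something like `// NOTE: this also blocks simplexml_load_file()/DOMDocument::load(); read the file and parse it from a string instead`. Without that hint, core or app code that still loads XML by path will start returning `false` with no visible link back to this line. `init()` continues outside the hunk.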

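--- a/lib/private/App/InfoParser.php
+++ b/lib/private/App/InfoParser.php
@@ -31,7 +31,7 @@
 
 use OCP\ICache;
 use function libxml_disable_entity_loader;
-use function simplexml_load_file;
+use function simplexml_load_string;
 
 class InfoParser {
 /** @var \OCP\ICache|null */
@@ -63,10 +63,10 @@ public function parse($file) {
 libxml_use_internal_errors(true);
 if ((PHP_VERSION_ID < 80000)) {
 $loadEntities = libxml_disable_entity_loader(false);
-$xml = simplexml_load_file($file);
+$xml = simplexml_load_string(file_get_contents($file));
 libxml_disable_entity_loader($loadEntities);
 } else {
-$xml = simplexml_load_file($file);
+$xml = simplexml_load_string(file_get_contents($file));
 }
 
 if ($xml === false) {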
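Review bot: In `parse()`, the PHP < 8 branch still wraps the parse in `libxml_disable_entity_loader(false)`, which switches the entity loader on for the duration of the call; now that the document is read with `file_get_contents()` and parsed from a string, that re-enabling looks unnecessary. If nothing else depends on it, both branches could collapse to the single line `$xml = simplexml_load_string(file_get_contents($file));`, and the `use function libxml_disable_entity_loader;` import could go, so old PHP versions never re-enable entity loading while parsing app-supplied XML. The same wrapper is kept in `downloadApp()` in lib/private/Installer.php. `parse()` starts and ends outside the hunk, so whether `$file` is checked for existence before the read cannot be seen here.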

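--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
@@ -333,10 +333,10 @@ public function downloadApp($appId, $allowUnstable = false) {
 // Check if appinfo/info.xml has the same app ID as well
 if ((PHP_VERSION_ID < 80000)) {
 $loadEntities = libxml_disable_entity_loader(false);
-$xml = simplexml_load_file($extractDir . '/' . $folders[0] . '/appinfo/info.xml');
+$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
 libxml_disable_entity_loader($loadEntities);
 } else {
-$xml = simplexml_load_file($extractDir . '/' . $folders[0] . '/appinfo/info.xml');
+$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
 }
 if ((string)$xml->id !== $appId) {
 throw new \Exception(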
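Review bot: In `downloadApp()`, neither the `file_get_contents()` result nor the `simplexml_load_string()` result is checked before `(string)$xml->id` is read on the following line. If `appinfo/info.xml` is missing or malformed in the extracted archive, `$xml` is `false`, and the failure only surfaces through the ID-mismatch exception, which hides the real cause in logs. An explicit `if ($xml === false) {` guard that throws its own exception before the ID comparison, matching the `$xml === false` check in `InfoParser::parse()`, would make the rejection of a bad download unambiguous. The function continues outside the hunk.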
