Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
2
2
2462014-05-03 11:30:49
PHP
246, 2014-05-03 11:30:49

How to protect a web application written in php from injecting external XML entities?

Hello.
You need to protect your web application (written in php using Symfony 2.0.18) from injecting external XML entities. Namely, according to the recommendation, "prohibit support for external entities (External Entity), external parameters of entities (External Parameter Entity) and external DTDs (External Doctype)".
The potentially dangerous simplexml_load_string command , which is used in particular in the phpexcel module.
Is it enough to use the libxml_disable_entity_loader(true) function ? And in what place of the project to execute it?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
S
sergeybogevolny2015-04-06 21:36:50
Is there an example of interaction between bootstrap wizard form and php? 2Reply
A
Anton2021-03-27 12:39:53
Getting the selected radio item and passing it to the email body, how to display the selected item? 2Reply
A
Artem Melnykov2019-09-11 09:24:58
What to do if android sdk is not installed? 2Reply
K
khudobinvasiliy2021-04-02 20:04:00
How to resolve 500 error on Flask Heroku? 3Reply
V
VAZSOFT2019-09-28 20:55:53
Save POST request to TXT? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question