PHP 8.0 support and `libxml_disable_entity_loader`
ldebrouwer opened this issue · 2 comments
ldebrouwer commented
In PHP 8.0 libxml_disable_entity_loader
has been deprecated, and it throws a warning going forward. To support PHP 8.0 on the ^4.2.2
branch, as suggested by the composer.json, the calls to libxml_disable_entity_loader
in DOMDocumentFactory::fromString()
should be wrapped in version check, like so;
if (\PHP_VERSION_ID < 80000) {
libxml_disable_entity_loader($entityLoader);
}
thijskh commented
For the record, this is safe because PHP8 depends on a version of libxml that has external entities disabled.
It might be a good idea though, given the risk, to add a test for this so we ensure it is in fact disabled.
tvdijen commented
Closed in 04d0ed6 (v4.2.3). Thanks @ldebrouwer !