[DomCrawler] Dont use LIBXML_PARSEHUGE by default

nicolas-grekas · nicolas-grekas · commit fda32f8c4311 · 2016-03-02T15:53:47.000+01:00
diff --git a/src/Symfony/Component/DomCrawler/Crawler.php b/src/Symfony/Component/DomCrawler/Crawler.php
@@ -219,8 +219,11 @@ function ($m) {
      *
      * @param string $content The XML content
      * @param string $charset The charset
+     * @param int    $options Bitwise OR of the libxml option constants
+     *                        LIBXML_PARSEHUGE is dangerous, see
+     *                        http://symfony.com/blog/security-release-symfony-2-0-17-released
      */
-    public function addXmlContent($content, $charset = 'UTF-8')
+    public function addXmlContent($content, $charset = 'UTF-8', $options = LIBXML_NONET)
     {
         $internalErrors = libxml_use_internal_errors(true);
         $disableEntities = libxml_disable_entity_loader(true);
@@ -230,7 +233,7 @@ public function addXmlContent($content, $charset = 'UTF-8')
 
         if ('' !== trim($content)) {
             // remove the default namespace to make XPath expressions simpler
-            @$dom->loadXML(str_replace('xmlns', 'ns', $content), LIBXML_NONET | (defined('LIBXML_PARSEHUGE') ? LIBXML_PARSEHUGE : 0));
+            @$dom->loadXML(str_replace('xmlns', 'ns', $content), $options);
         }
 
         libxml_use_internal_errors($internalErrors);

Original file line number	Diff line number	Diff line change
`@@ -219,8 +219,11 @@ function ($m) {`
`219`	`219`	`*`
`220`	`220`	`* @param string $content The XML content`
`221`	`221`	`* @param string $charset The charset`
	`222`	`+ * @param int $options Bitwise OR of the libxml option constants`
	`223`	`+ * LIBXML_PARSEHUGE is dangerous, see`
	`224`	`+ * http://symfony.com/blog/security-release-symfony-2-0-17-released`
`222`	`225`	`*/`
`223`		`- public function addXmlContent($content, $charset = 'UTF-8')`
	`226`	`+ public function addXmlContent($content, $charset = 'UTF-8', $options = LIBXML_NONET)`
`224`	`227`	`{`
`225`	`228`	`$internalErrors = libxml_use_internal_errors(true);`
`226`	`229`	`$disableEntities = libxml_disable_entity_loader(true);`
`@@ -230,7 +233,7 @@ public function addXmlContent($content, $charset = 'UTF-8')`
`230`	`233`
`231`	`234`	`if ('' !== trim($content)) {`
`232`	`235`	`// remove the default namespace to make XPath expressions simpler`
`233`		`- @$dom->loadXML(str_replace('xmlns', 'ns', $content), LIBXML_NONET \| (defined('LIBXML_PARSEHUGE') ? LIBXML_PARSEHUGE : 0));`
	`236`	`+ @$dom->loadXML(str_replace('xmlns', 'ns', $content), $options);`
`234`	`237`	`}`
`235`	`238`
`236`	`239`	`libxml_use_internal_errors($internalErrors);`