[SECURITY] XML entity expansion 31/46831/2
authorBenni Mack <benni@typo3.org>
Tue, 23 Feb 2016 10:44:59 +0000 (11:44 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 23 Feb 2016 10:45:33 +0000 (11:45 +0100)
commit7cf2831c04f8daf51e672219d817192e8ea6afca
tree9ff70c666fb60d3cbd5c4ada683b4e53aec55a19
parent815ac6c08bd815844db217b593b27b1f0e590c50
[SECURITY] XML entity expansion

Remote XML entites can be loaded in places where TYPO3 expects
only local files to be fetched. All places are changed so
the option to load entities is disabled.

Resolves: #61269
Releases: master, 7.6, 6.2
Security-Commit: 982210fb34fc2f9848aa1c478e1fa439949cf746
Security-Bulletins: TYPO3-CORE-SA-2016-005, 006, 007, 008
Change-Id: I9b7c8b81a7cfb0b26092eb6053b69c88415bd46a
Reviewed-on: https://review.typo3.org/46831
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
18 files changed:
typo3/sysext/adodb/Documentation/Index.rst
typo3/sysext/adodb/adodb/adodb-xmlschema.inc.php
typo3/sysext/adodb/adodb/adodb-xmlschema03.inc.php
typo3/sysext/core/Classes/Imaging/IconProvider/SvgIconProvider.php
typo3/sysext/core/Classes/Localization/Parser/AbstractXmlParser.php
typo3/sysext/core/Classes/Localization/Parser/LocallangXmlParser.php
typo3/sysext/core/Classes/Type/File/ImageInfo.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/FunctionalTestCase.php
typo3/sysext/documentation/Classes/Service/DocumentationService.php
typo3/sysext/extensionmanager/Classes/Utility/Parser/ExtensionXmlPushParser.php
typo3/sysext/extensionmanager/Classes/Utility/Parser/MirrorXmlPushParser.php
typo3/sysext/fluid/Classes/Service/AbstractGenerator.php
typo3/sysext/lang/Classes/Service/TerService.php
typo3/sysext/recycler/Tests/Functional/Recycle/AbstractRecycleTestCase.php
typo3/sysext/rtehtmlarea/Classes/Controller/SpellCheckingController.php
typo3/sysext/rtehtmlarea/Classes/Extension/MicroDataSchema.php
typo3/sysext/t3editor/Classes/TypoScriptReferenceLoader.php