[SECURITY] XML entity expansion 34/46834/2
authorBenni Mack <benni@typo3.org>
Tue, 23 Feb 2016 10:45:30 +0000 (11:45 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 23 Feb 2016 10:46:04 +0000 (11:46 +0100)
commit0103f48c86ca1a15a3c6326a0a913cb5395681d1
treeabf18829d2268619a62b19c4012e42575dae2c7a
parent3163daa08f9027d1cca96bd7fd92eaf4dda49c0d
[SECURITY] XML entity expansion

Remote XML entites can be loaded in places where TYPO3 expects
only local files to be fetched. All places are changed so
the option to load entities is disabled.

Resolves: #61269
Releases: master, 7.6, 6.2
Security-Commit: 736a7ef0823893047843c6a7f5e72b220bfd4697
Security-Bulletins: TYPO3-CORE-SA-2016-005, 006, 007, 008
Change-Id: I26701fc2ffb5aed7ccbd96c168aef571d012091e
Reviewed-on: https://review.typo3.org/46834
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
17 files changed:
typo3/sysext/adodb/Documentation/Index.rst
typo3/sysext/adodb/adodb/adodb-xmlschema.inc.php
typo3/sysext/adodb/adodb/adodb-xmlschema03.inc.php
typo3/sysext/core/Classes/Imaging/IconProvider/SvgIconProvider.php
typo3/sysext/core/Classes/Localization/Parser/AbstractXmlParser.php
typo3/sysext/core/Classes/Localization/Parser/LocallangXmlParser.php
typo3/sysext/core/Classes/Type/File/ImageInfo.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/FunctionalTestCase.php
typo3/sysext/documentation/Classes/Service/DocumentationService.php
typo3/sysext/extensionmanager/Classes/Utility/Parser/ExtensionXmlPushParser.php
typo3/sysext/extensionmanager/Classes/Utility/Parser/MirrorXmlPushParser.php
typo3/sysext/lang/Classes/Service/TerService.php
typo3/sysext/recycler/Tests/Functional/Recycle/AbstractRecycleTestCase.php
typo3/sysext/rtehtmlarea/Classes/Controller/SpellCheckingController.php
typo3/sysext/rtehtmlarea/Classes/Extension/MicroDataSchema.php
typo3/sysext/t3editor/Classes/TypoScriptReferenceLoader.php