If is called
libxml_disable_entity_loader(true);
, it causes that new SoapClient(.) fails with
SOAP-ERROR: Parsing WSDL: Couldn't load from 'D:\path/dm_operations.wsdl' : failed to load external entity "D:\path/dm_operations.wsdl
because this wsdl imports a xsd as an another external file.
Tested on php 7.1.12, win x64.
PHP - Manual: libxml_disable_entity_loader
2024-04-28
libxml_disable_entity_loader
(PHP 5 >= 5.2.11, PHP 7, PHP 8)
libxml_disable_entity_loader — Disable the ability to load external entities
警告
本函数已自 PHP 8.0.0 起被废弃。强烈建议不要依赖本函数。
说明
libxml_disable_entity_loader(bool
$disable = true): bool
Disable/enable the ability to load external entities.
Note that disabling the loading of external entities may cause general issues
with loading XML documents. However, as of libxml 2.9.0 entity substitution
is disabled by default, so there is no need to disable the loading of external
entities,
unless there is the need to resolve internal entity references with LIBXML_NOENT.
Generally, it is preferable to use libxml_set_external_entity_loader()
to suppress loading of external entities.
参数
返回值
Returns the previous value.
参见
- libxml_use_internal_errors() - Disable libxml errors and allow user to fetch error information as needed
- libxml_set_external_entity_loader() - Changes the default external entity loader
- The
LIBXML_NOENTconstant
add a note
User Contributed Notes 6 notes
vavra at 602 dot cz ¶
4 years ago
suconghou at gmail dot com ¶
1 year ago
In PHP 8.0 and later, PHP uses libxml versions from 2.9.0, libxml_disable_entity_loader is deprecated.
so it is now safe to remove all `libxml_disable_entity_loader` calls on php8
if you want Backwards Compatibility
use this snippet
if (\PHP_VERSION_ID < 80000) {
libxml_disable_entity_loader(true);
}
phofstetter at sensational dot ch ¶
8 years ago
Be mindful that this also disables url loading in simplexml_load_file() and likely other libxml based functions that deal with URLs
simonsimcity ¶
10 years ago
Using this function you can prevent a vulnerable to Local and Remote File Inclusion attacks.
You'll see it in an example where I load and validate the following string:
<!DOCTYPE scan [<!ENTITY test SYSTEM "php://filter/read=convert.base64-encode/resource=/etc/passwd">]>
<scan>&test;</scan>
One way to prevent that the file in given back is to set this value to 0.
Please take a closer look at the release of symfony 2.0.11
daschtour at me dot com ¶
8 years ago
This function was reported to be not thread safe. So this might affect php-scripts on the same server.
brendan at bloodbone dot ws ¶
8 years ago
This also seems to have an impact on <xsl:import /> statements if this is applied when loading XSLT for the XSLTProcessor class.
官方地址:https://www.php.net/manual/en/function.libxml-disable-entity-loader.php
IT
PHP
编程语言
Linux
科技
开发编程
Elasticsearch
HTML/CSS/XML
网络
JAVA
NoSQL
C/C++
面试
Golang
数据库
Git
算法
正则表达式
操作系统
Redis
互联网
MySql
JavaScript
运维
软件
架构设计
Mac OS
国际
TCP/IP
Excel
Vim
Socket
Windows
Oracle
VR
MongoDB
运营
Python
MemCache
商业
硬件
电子
设计
nginx
娱乐
摄影
游戏
WordPress
HTTP
团建
数码电器
广告
广告
php7 安装fileinfo扩展
preg_split — 通过一个正则表达式分隔字符串
[PHP] inet_pton/inet_ntop IP地址转换函数
php位值,解决 PHP 中 usort 在值相同时改变原始位置的问题
PHPMailer设置utf8 PHPMailer字符集CharSet
如何在Composer中为GitLab实例设置访问令牌
array_multisort() 多字段排序
laravel框架查看sql语句方式
[原创]诡异的php-fpm超时问题
PHP获取指定函数定义在哪个文件中及行号
利用php soap实现web service
php设置cookie为httponly防止xss攻击
PHP5 扩展SOAP 调用 webservice
PHP7添加redis扩展
PHP-FPM进程数的设定
利用PHP SOAP实现WEB SERVICE
PHPstorm 里面Terminal 不能使用 esc键吗退出编辑模式吗
纯php实现DES以及TripleDES加密算法
PHP - mysql_real_escape_string()与mysql_escape_string() 的区别
ADORecordSet对象