Merge pull request #2 from magento-trigger/zf1-update

php 8 compatibility in Zend_Xml_Security class
magento · Sep 15, 2021 · c8ab365 · c8ab365
2 parents 6ad8150 + c5206c6
commit c8ab365
Showing 1 changed file with 13 additions and 6 deletions.
diff --git a/library/Zend/Xml/Security.php b/library/Zend/Xml/Security.php
@@ -83,7 +83,10 @@ public static function scan($xml, DOMDocument $dom = null)
         }
 
         if (!self::isPhpFpm()) {
-            $loadEntities = libxml_disable_entity_loader(true);
+            if (LIBXML_VERSION < 20900) {
+                // this function no longer has an effect in PHP 8.0, but it's required in earlier versions
+                $loadEntities = libxml_disable_entity_loader(true);
+            }
             $useInternalXmlErrors = libxml_use_internal_errors(true);
         }
 
@@ -97,7 +100,9 @@ public static function scan($xml, DOMDocument $dom = null)
         if (!$result) {
             // Entity load to previous setting
             if (!self::isPhpFpm()) {
-                libxml_disable_entity_loader($loadEntities);
+                if (isset($loadEntities)) {
+                    libxml_disable_entity_loader($loadEntities);
+                }
                 libxml_use_internal_errors($useInternalXmlErrors);
             }
             return false;
@@ -117,7 +122,9 @@ public static function scan($xml, DOMDocument $dom = null)
 
         // Entity load to previous setting
         if (!self::isPhpFpm()) {
-            libxml_disable_entity_loader($loadEntities);
+            if (isset($loadEntities)) {
+                libxml_disable_entity_loader($loadEntities);
+            }
             libxml_use_internal_errors($useInternalXmlErrors);
         }
 
@@ -167,10 +174,10 @@ public static function scanFile($file, DOMDocument $dom = null)
     public static function isPhpFpm()
     {
         $isVulnerableVersion = (
-            version_compare(PHP_VERSION, '5.5.22', 'lt')
+            version_compare(PHP_VERSION, '5.5.22', '<')
             || (
-                version_compare(PHP_VERSION, '5.6', 'gte')
-                && version_compare(PHP_VERSION, '5.6.6', 'lt')
+                version_compare(PHP_VERSION, '5.6', '>=')
+                && version_compare(PHP_VERSION, '5.6.6', '<')
             )
         );