|
@@ -138,8 +138,28 @@ function openid_redirect_form($form, &$form_state, $url, $message) {
|
|
|
*/
|
|
|
function _openid_xrds_parse($raw_xml) {
|
|
|
$services = array();
|
|
|
- try {
|
|
|
- $xml = @new SimpleXMLElement($raw_xml);
|
|
|
+
|
|
|
+ // For PHP version >= 5.2.11, we can use this function to protect against
|
|
|
+ // malicious doctype declarations and other unexpected entity loading.
|
|
|
+ // However, we will not rely on it, and reject any XML with a DOCTYPE.
|
|
|
+ $disable_entity_loader = function_exists('libxml_disable_entity_loader');
|
|
|
+ if ($disable_entity_loader) {
|
|
|
+ $load_entities = libxml_disable_entity_loader(TRUE);
|
|
|
+ }
|
|
|
+
|
|
|
+ // Load the XML into a DOM document.
|
|
|
+ $dom = new DOMDocument();
|
|
|
+ @$dom->loadXML($raw_xml);
|
|
|
+
|
|
|
+ // Since DOCTYPE declarations from an untrusted source could be malicious, we
|
|
|
+ // stop parsing here and treat the XML as invalid since XRDS documents do not
|
|
|
+ // require, and are not expected to have, a DOCTYPE.
|
|
|
+ if (isset($dom->doctype)) {
|
|
|
+ return array();
|
|
|
+ }
|
|
|
+
|
|
|
+ // Parse the DOM document for the information we need.
|
|
|
+ if ($xml = simplexml_import_dom($dom)) {
|
|
|
foreach ($xml->children(OPENID_NS_XRD)->XRD as $xrd) {
|
|
|
foreach ($xrd->children(OPENID_NS_XRD)->Service as $service_element) {
|
|
|
$service = array(
|
|
@@ -165,9 +185,12 @@ function _openid_xrds_parse($raw_xml) {
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- catch (Exception $e) {
|
|
|
- // Invalid XML.
|
|
|
+
|
|
|
+ // Return the LIBXML options to the previous state before returning.
|
|
|
+ if ($disable_entity_loader) {
|
|
|
+ libxml_disable_entity_loader($load_entities);
|
|
|
}
|
|
|
+
|
|
|
return $services;
|
|
|
}
|
|
|
|