Code Modernization: Only call libxml_disable_entity_loader() in PHP…

… < 8. This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading is disabled by default, so this function is no longer needed to protect against XXE attacks. Props jrf. Fixes #50898. git-svn-id: https://develop.svn.wordpress.org/trunk@48789 602fd350-edb4-49c9-b593-d223f7449a82
WordPress · Aug 12, 2020 · ab9aee8 · ab9aee8
1 parent 1bf0a78
commit ab9aee8
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/src/wp-includes/class-wp-oembed.php b/src/wp-includes/class-wp-oembed.php
@@ -597,13 +597,23 @@ private function _parse_xml( $response_body ) {
 			return false;
 		}
 
-		$loader = libxml_disable_entity_loader( true );
+		if ( PHP_VERSION_ID < 80000 ) {
+			// This function has been deprecated in PHP 8.0 because in libxml 2.9.0, external entity loading
+			// is disabled by default, so this function is no longer needed to protect against XXE attacks.
+			// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
+			$loader = libxml_disable_entity_loader( true );
+		}
+
 		$errors = libxml_use_internal_errors( true );
 
 		$return = $this->_parse_xml_body( $response_body );
 
 		libxml_use_internal_errors( $errors );
-		libxml_disable_entity_loader( $loader );
+
+		if ( PHP_VERSION_ID < 80000 && isset( $loader ) ) {
+			// phpcs:ignore PHPCompatibility.FunctionUse.RemovedFunctions.libxml_disable_entity_loaderDeprecated
+			libxml_disable_entity_loader( $loader );
+		}
 
 		return $return;
 	}