XML External Entity Injection

  • How Wikipedia Transitioned to HHVM

    … PHP stream wrapper, which our implementation of DOMDocument didn’t properly support. We had a number of outstanding pull requests in this area, including a large one from WMF developer Tim Starling. The main problem blocking its merge was a potential security issue: The default PHP settings allow XML external entity injection attacks, which we…

