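/**
 * Handle request arguments for XML-RPC.
 *
 * Reads the raw POST body and answers HTTP 400 when the external-entity
 * check rejects it. Otherwise the body is parsed and every entry of
 * methodcall->params is stored through self::set() after being passed
 * through _filterXmlVars().
 *
 * The body is client-supplied, so the entity check has to stay ahead of the
 * parser call. A body that does not parse into a methodcall/params object is
 * ignored rather than dereferenced.
 *
 * @return void
 */
private function _setXmlRpcArgument()
{
	if (self::getRequestMethod() != 'XMLRPC')
	{
		return;
	}

	$xml = $GLOBALS['HTTP_RAW_POST_DATA'];

	// Refuse the request before any parser sees the document.
	if (!Rhymix\Framework\Security::checkXEE($xml))
	{
		header("HTTP/1.0 400 Bad Request");
		exit;
	}

	// Second layer of defence on PHP < 8.0. From PHP 8.0 the function is
	// deprecated because the libxml versions PHP 8 requires no longer load
	// external entities by default, so calling it there only raises a
	// deprecation notice.
	if (PHP_VERSION_ID < 80000 && function_exists('libxml_disable_entity_loader'))
	{
		libxml_disable_entity_loader(true);
	}

	$oXml = new XmlParser();
	$xml_obj = $oXml->parse($xml);

	// A malformed or unexpected document may not yield methodcall->params.
	// Without this guard get_object_vars() receives a non-object, which is a
	// TypeError on PHP 8 and would let any client trigger a fatal error.
	if (!is_object($xml_obj) || !isset($xml_obj->methodcall->params) || !is_object($xml_obj->methodcall->params))
	{
		return;
	}

	$params = $xml_obj->methodcall->params;

	// Drop the parser's bookkeeping properties so only request arguments remain.
	unset($params->node_name, $params->attrs, $params->body);
	if (!count(get_object_vars($params)))
	{
		return;
	}

	foreach ($params as $key => $val)
	{
		self::set($key, $this->_filterXmlVars($key, $val), true);
	}
}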
/**
 * @brief Check a document for XML external entity content.
 *
 * Thin wrapper that returns the negation of
 * Rhymix\Framework\Security::checkXEE(): true means the check did not
 * accept the document, false means it did.
 *
 * @see from drupal. https://github.com/drupal/drupal/commit/90e884ad0f7f2cf269d953f7d70966de9fd821ff
 *
 * @param string $xml Raw XML text to inspect
 * @return bool True when checkXEE() rejects the document
 */
public static function detectingXEE($xml)
{
	$accepted = Rhymix\Framework\Security::checkXEE($xml);

	return !$accepted;
}