Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Do not enable processing of external entities when validating the schema of XML files

Download Browse

This change is needed because PHP 8.0 deprecates usage of \libxml_disable_entity_loader() [0]. It also a good thing from a security PoV because it is one less spot where things can go bad. To achieve that, the RNG files are flatten before runtime so there is no need to include files when a XML files needs to be verified against a schema. A new Docker image is used to do the RNC to RNG transformation. It replaces the old one that was quite outdated and dealing with a lot of other things. Part of request #17931: Unit tests should pass with PHP 8.0 [0] https://github.com/php/php-src/blob/php-8.0.0RC3/UPGRADING#L873 Change-Id: I360c67ccef75980acb02a74cda60ebddc5c2be18

+7654 −91
Thomas Gerbet (tgerbet) 2020-10-30 18:41
Thomas Gerbet (tgerbet) 2020-10-30 18:41
2cbea545c549a42dd8075827887f6bc3553deeee
6cc63f56a938ebfc728b2e72bb3529933748132b
git #tuleap/stable/2cbea545c549a42dd8075827887f6bc3553deeee

Modified Files

Side by side diff
Inline diff
Name
M Makefile +2 −1 Go to diff View file
M plugins/agiledashboard/resources/xml_project_agiledashboard.rng +98 −3 Go to diff View file
M plugins/cardwall/resources/xml_project_cardwall.rng +83 −3 Go to diff View file
M plugins/docman/resources/docman.rng +166 −3 Go to diff View file
M plugins/svn/resources/svn.rng +44 −3 Go to diff View file
M plugins/testmanagement/resources/testmanagement.rng +8 −9 Go to diff View file
M plugins/testmanagement/resources/testmanagement_external_changeset.rng +10 −11 Go to diff View file
M plugins/testmanagement/resources/testmanagement_external_fields.rng +11 −12 Go to diff View file
M plugins/tracker/resources/artifacts.rng +388 −3 Go to diff View file
M plugins/tracker/resources/tracker.rng +1933 −3 Go to diff View file
M plugins/tracker/resources/trackers.rng +1933 −3 Go to diff View file
M src/common/xml/RNGValidator.class.php +5 −11 Go to diff View file
M src/common/xml/resources/project/project.rng +2921 −15 Go to diff View file
M src/common/xml/resources/ugroups.rng +45 −3 Go to diff View file
M src/common/xml/resources/users.rng +7 −8 Go to diff View file