When using the docman import tool to import an external Docman, the load of the XML file fails :
PHP Warning: DOMDocument::load(): I/O warning : failed to load external entity "/data/tmp/docman_surfass/docman_surfass.xml" in /usr/share/tuleap/plugins/docman/bin/DocmanImport/XMLDocmanImport.class.php on line 148
error Failed to load XML document.
error Unable to load the following XML document : /data/tmp/docman_surfass/docman_surfass.xml
I guess this is linked to the vulnerability 'External XML Entity Injection'.
Steps to reproduce:
- Export the docman of a project
- Import the exported docman into another project