View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 4
IDProjectCategoryView StatusDate SubmittedLast Update
19982Bug reportsTheme editorpublic2025-02-26 21:182025-02-27 08:54
Reportergabrieljenik Assigned Totibor.pacalat  
PrioritynoneSeveritycrash 
Status ready for testingResolutionopen 
Product Version6.6.x 
Summary19982: DOMDocument::load(): I/O warning : failed to load external entity - on PHP 7.4 when entering the themes screen
Description

DOMDocument::load(): I/O warning : failed to load external entity - on PHP 7.4 when entering the themes screen

Seems some new functions were added which call internally the libxml extension.
On PHP 7.4 (and libxml before 2.9.0), when that is used, without disabling the loading of external entities, the script fails

Adding the following before $domDocument->load($configFile), make things work.

                if (\PHP_VERSION_ID < 80000) {
                    libxml_disable_entity_loader(false); // @see: http://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html#xml-external-entity-injection
                }
TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)6.x
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMysql
Server OS (if known)
Webserver software & version (if known)
PHP Version7

Users monitoring this issue

There are no users monitoring this issue.

Activities

gabrieljenik

gabrieljenik

2025-02-26 22:18

manager   ~82154

https://github.com/LimeSurvey/LimeSurvey/pull/4186
DenisChenu

DenisChenu

2025-02-27 08:54

developer   ~82158

Seems some new functions were added which call internally the libxml extension.

It can be interesting to know this new functions. Plugin extend twig ?
DenisChenu

DenisChenu

2025-02-27 08:54

developer   ~82159

Need a way to reproduce ?

Issue History

Date Modified Username Field Change
2025-02-26 21:18 gabrieljenik New Issue
2025-02-26 22:18 gabrieljenik Assigned To => DenisChenu
2025-02-26 22:18 gabrieljenik Status new => ready for code review
2025-02-26 22:18 gabrieljenik Note Added: 82154
2025-02-26 22:18 gabrieljenik Bug heat 0 => 2
2025-02-26 22:19 gabrieljenik Description Updated
2025-02-27 08:54 DenisChenu Note Added: 82158
2025-02-27 08:54 DenisChenu Bug heat 2 => 4
2025-02-27 08:54 DenisChenu Note Added: 82159
2025-02-27 08:54 DenisChenu Assigned To DenisChenu => tibor.pacalat
2025-02-27 08:54 DenisChenu Status ready for code review => ready for testing