19982: DOMDocument::load(): I/O warning : failed to load external entity - on PHP 7.4 when entering the themes screen

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

19982	Bug reports	Theme editor	public	2025-02-26 21:18	2025-03-03 18:13

Reporter	gabrieljenik	Assigned To	tibor.pacalat
Priority	none	Severity	crash
Status	closed	Resolution	fixed
Product Version	6.6.x

Summary	19982: DOMDocument::load(): I/O warning : failed to load external entity - on PHP 7.4 when entering the themes screen
Description	DOMDocument::load(): I/O warning : failed to load external entity - on PHP 7.4 when entering the themes screen Seems some new functions were added which call internally the libxml extension. On PHP 7.4 (and libxml before 2.9.0), when that is used, without disabling the loading of external entities, the script fails Adding the following before `$domDocument->load($configFile)`, make things work. `if (\PHP_VERSION_ID < 80000) { libxml_disable_entity_loader(false); // @see: http://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html#xml-external-entity-injection }`
Tags	No tags attached.

Bug heat	6
Complete LimeSurvey version number (& build)	6.x
I will donate to the project if issue is resolved	No
Browser
Database type & version	Mysql
Server OS (if known)
Webserver software & version (if known)
PHP Version	7

User List	There are no users monitoring this issue.

gabrieljenik 2025-02-26 22:18 manager ~82154	https://github.com/LimeSurvey/LimeSurvey/pull/4186

DenisChenu 2025-02-27 08:54 developer ~82158	Seems some new functions were added which call internally the libxml extension. It can be interesting to know this new functions. Plugin extend twig ?

DenisChenu 2025-02-27 08:54 developer ~82159	Need a way to reproduce ?

LimeBot 2025-03-03 18:13 administrator ~82185	Fixed in Release 6.11.0+250303

Date Modified	Username	Field	Change
2025-02-26 21:18	gabrieljenik	New Issue
2025-02-26 22:18	gabrieljenik	Assigned To	=> DenisChenu
2025-02-26 22:18	gabrieljenik	Status	new => ready for code review
2025-02-26 22:18	gabrieljenik	Note Added: 82154
2025-02-26 22:18	gabrieljenik	Bug heat	0 => 2
2025-02-26 22:19	gabrieljenik	Description Updated
2025-02-27 08:54	DenisChenu	Note Added: 82158
2025-02-27 08:54	DenisChenu	Bug heat	2 => 4
2025-02-27 08:54	DenisChenu	Note Added: 82159
2025-02-27 08:54	DenisChenu	Assigned To	DenisChenu => tibor.pacalat
2025-02-27 08:54	DenisChenu	Status	ready for code review => ready for testing
2025-02-28 16:09	tibor.pacalat	Status	ready for testing => resolved
2025-02-28 16:09	tibor.pacalat	Resolution	open => fixed
2025-03-03 18:13	LimeBot	Note Added: 82185
2025-03-03 18:13	LimeBot	Status	resolved => closed
2025-03-03 18:13	LimeBot	Bug heat	4 => 6