It'd be nice to be able to specify certain XXE entities that we're ok about including using http://php.net/manual/en/function.libxml-set-external-entity-loader.php to hook libxml and have it ask us about what's ok to load.
That way we could load user supplied XML without just letting them have access to random files.
It'd be nice to be able to specify certain XXE entities that we're ok about including using http://php.net/manual/en/function.libxml-set-external-entity-loader.php to hook libxml and have it ask us about what's ok to load.
That way we could load user supplied XML without just letting them have access to random files.