PHP

PHP

By DeepSource

Use of deprecated libxml_disable_entity_loader() PHP-W1086

Security

The libxml_disable_entity_loader() function has been deprecated since PHP 8.0.0. Relying on this function is highly discouraged. It is recommended to use libxml_set_external_entity_loader() to suppress loading of external entities.

Examples

Bad practice

libxml_disable_entity_loader(false);

$domdocument = new DOMDocument();
$domdocument->load(file_get_contents('book.xml'));
echo $domdocument->saveXML();

Recommended

libxml_set_external_entity_loader(function() {
  return null;
});

$domdocument = new DOMDocument();
$domdocument->load(file_get_contents('book.xml'));
echo $domdocument->saveXML();