Skip to content
This repository has been archived by the owner on Nov 28, 2023. It is now read-only.

Commit

Permalink
update CVI-270001.xml
Browse files Browse the repository at this point in the history
  • Loading branch information
@braveghz
braveghz authored Aug 26, 2017
1 parent 164e0c7 commit d1f548f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/CVI-270001.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@

## 修复方案
1. 使用 `libxml_disable_entity_loader(true);`
2. 过滤用户提交的XML数据,关键词:`<!DOCTYPE`和 `<!ENTITY`或者,`SYSTEM`和`PUBLIC`
2. 过滤用户提交的XML数据,关键词:`DOCTYPE`和 `ENTITY`或者,`SYSTEM`和`PUBLIC`
3. 升级libxml至libxml2.9及以上,2.9版本已经默认关闭了XML外部实体的解析

## 举例
Expand Down

0 comments on commit d1f548f

Please sign in to comment.