Fix bug #64938: libxml_disable_entity_loader setting is shared between threads

The availability of entity loading is stored in a module global which
previously was only initialized in the GINIT constructor. This had the
effect that disabling the entity loader in one request caused
subsequent requests hitting the same Apache child process to  also have
the loader disabled.

With this change the loader is explicitely enabled in the request init
phase.

diff --git a/NEWS b/NEWS
index 718edde4dec91226e92fc98bb24ec2a6058306f0..4e33fbd3db3f9204d55ac8b324cf91f6ec056b28 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,10 @@ PHP                                                                        NEWS
   . Fixed bug #68571 (core dump when webserver close the socket).
     (redfoxli069 at gmail dot com, Laruence)
 
+- Libxml:
+  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
+    between threads). (Martin Jansen)
+
 - OpenSSL:
   . Fixed bug #55618 (use case-insensitive cert name matching).
     (Daniel Lowrey)

diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
index 4b7a36a227b28f0ec1877c7fae29273587911b24..5f0da89cd3c6bbc0556df733bef32d2b3f58e695 100644 (file)
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -857,6 +857,12 @@ static PHP_RINIT_FUNCTION(libxml)
                xmlSetGenericErrorFunc(NULL, php_libxml_error_handler);
                xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
                xmlOutputBufferCreateFilenameDefault(php_libxml_output_buffer_create_filename);
+
+               /* Enable the entity loader by default. This ensure that
+                * other threads/requests that might have disable the loader
+                * do not affect the current request.
+                */
+               LIBXML(entity_loader_disabled) = 0;
        }
        return SUCCESS;
 }