License: OSL-3.0 (LICENSE.txt); unknown license (COPYING.txt)
wubinworks/magento2-enhanced-xml-security

Enhanced XML Security for Magento 2

A replacement of \Magento\Framework\Xml\Security for Magento 2 with enhanced security.

Background

When the SAPI is php-fpm, \Magento\Framework\Xml\Security cannot detect entities if the XML string is not encoded in UTF-8.
This is a potential security issue, and many developers forget to detect the XML encoding before using this class.

Note: this class works correctly in CLI.
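
The gap described above, as an added example that is not this extension's code: it assumes the encoding-unaware check is a byte-level search for `<!ENTITY`, and contrasts it with a check that normalises the input to UTF-8 first. The function names are hypothetical, the sample XML is constructed, and PHP 8 with mbstring is assumed.

```php
<?php
declare(strict_types=1);

// Assumed stand-in for an encoding-unaware check: a byte-level substring search.
function naiveScan(string $xml): bool
{
    return strpos($xml, '<!ENTITY') === false; // true means "no entity seen"
}

// Hypothetical helper: guess the encoding from a BOM, the byte pattern of the
// first "<", or an ASCII-readable encoding declaration. Longer prefixes first.
function detectXmlEncoding(string $xml): string
{
    $prefixes = [
        "\xEF\xBB\xBF" => 'UTF-8',
        "\x00\x00\xFE\xFF" => 'UTF-32BE', "\xFF\xFE\x00\x00" => 'UTF-32LE',
        "\x00\x00\x00<" => 'UTF-32BE', "<\x00\x00\x00" => 'UTF-32LE',
        "\xFE\xFF" => 'UTF-16BE', "\xFF\xFE" => 'UTF-16LE',
        "\x00<" => 'UTF-16BE', "<\x00" => 'UTF-16LE',
    ];
    foreach ($prefixes as $prefix => $encoding) {
        if (strncmp($xml, $prefix, strlen($prefix)) === 0) {
            return $encoding;
        }
    }
    $re = '/^<\?xml[^>]*\bencoding\s*=\s*["\']([A-Za-z0-9._-]+)["\']/';
    return preg_match($re, $xml, $m) === 1 ? strtoupper($m[1]) : 'UTF-8';
}

// Fail closed: reject anything that cannot be validated and normalised to UTF-8.
function encodingAwareScan(string $xml): bool
{
    try {
        $encoding = detectXmlEncoding($xml);
        if (!mb_check_encoding($xml, $encoding)) {
            return false;
        }
        $utf8 = mb_convert_encoding($xml, 'UTF-8', $encoding);
        return is_string($utf8) && naiveScan($utf8);
    } catch (\ValueError $e) { // mbstring does not know the declared encoding
        return false;
    }
}

// Constructed sample: one harmless internal entity, serialised in two encodings.
$doc = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>';
$utf16 = "\xFF\xFE" . mb_convert_encoding($doc, 'UTF-16LE', 'UTF-8');
foreach (['UTF-8' => $doc, 'UTF-16LE' => $utf16] as $label => $xml) {
    printf("%-9s naive=%s aware=%s\n", $label, json_encode(naiveScan($xml)), json_encode(encodingAwareScan($xml)));
}
```

In UTF-16 every ASCII character is followed or preceded by a zero byte, so the eight-byte sequence `<!ENTITY` never appears contiguously and the byte-level search reports the document as clean.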

Features

After installing this extension, \Magento\Framework\Xml\Security is replaced through a preference, and you no longer need to worry about the XML encoding.

/** @var \Magento\Framework\Xml\Security $xmlSecurity */
$xmlSecurity->scan($xmlString);

That's it.

Requirements

Magento 2.4

Installation

composer require wubinworks/module-xml-security

This extension requires dependencies that are not included in a default Magento installation, so you need to install it with Composer.

If you like this extension or this extension helped you, please ★star☆ this repository.

You may also like:
Magento 2 patch for CVE-2024-34102 (aka Cosmic Sting)