PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-02-06 13:36:38 +00:00
Code Issues Projects Releases Wiki Activity

Minor patch

Browse Source
This commit is contained in:
Miroslav Stampar
2026-02-01 23:32:45 +01:00
parent 5640ba7795
commit f08f860bd7
3 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/core/patch.py
View File

@@ -160,6 +160,23 @@ def dirtyPatches():
logging._releaseLock = _releaseLock
from xml.etree import ElementTree as et
if not getattr(et, "_patched", False):
_real_parse = et.parse
def _safe_parse(source, parser=None):
if parser is None:
parser = et.XMLParser()
if hasattr(parser, "parser"):
def reject(*args): raise ValueError("XML entities are forbidden")
parser.parser.EntityDeclHandler = reject
parser.parser.UnparsedEntityDeclHandler = reject
return _real_parse(source, parser=parser)
et.parse = _safe_parse
et._patched = True
def resolveCrossReferences():
"""
Place for cross-reference resolution