Added XsltProcessor::setSecurityPrefs($options) and getSecurityPrefs()

to define forbidden operations within XSLT stylesheets, default is not to enable any write operations from XSLT anymore. Bug #54446
author: Christian Stocker <chregu@php.net> 2011-07-11 11:16:22 +0000
committer: Christian Stocker <chregu@php.net> 2011-07-11 11:16:22 +0000
commit: 0511fa337eac340af49432c56e2c1d19f1d680d9 (patch)
tree: 4fc1aae888cd6d144145ce34052cb0fd92102958 /UPGRADING
parent: 0f3e70fe014dd4d40773f01c35b4b6451c76e300 (diff)
download: php-git-0511fa337eac340af49432c56e2c1d19f1d680d9.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index 0d849a15e5..534e8bf5b7 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -174,6 +174,9 @@ UPGRADE NOTES - PHP X.Y
   just the first matching node.
 - All SimpleXMLElement children are now always printed when using var_dump(),
   var_export(), and print_r().
+- Write operations within XSLT (for example with the extension sax:output) are
+  disabled by default. You can define what is forbidden with the method
+  XsltProcess::setSecurityPrefs($options)
 
 ===================================
 5. Changes made to existing methods
author	Christian Stocker <chregu@php.net>	2011-07-11 11:16:22 +0000
committer	Christian Stocker <chregu@php.net>	2011-07-11 11:16:22 +0000
commit	0511fa337eac340af49432c56e2c1d19f1d680d9 (patch)
tree	4fc1aae888cd6d144145ce34052cb0fd92102958 /UPGRADING
parent	0f3e70fe014dd4d40773f01c35b4b6451c76e300 (diff)
download	php-git-0511fa337eac340af49432c56e2c1d19f1d680d9.tar.gz