Hi, all

I just read this post about a vulnerability caused by loading the doctype
declaration of an XML string given in a request:
http://www.idontplaydarts.com/2011/02/scanning-the-internal-network-using-simplexml/

Would it be a good idea to restrict which URLs can be loaded in the
doctype, or is the following line the only way to prevent it in a
good way?
libxml_disable_entity_loader(true);

Bye
Simon
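
An added example, not part of the original message: one way to restrict which URLs a doctype may load is an allow-listing entity loader installed with libxml_set_external_entity_loader() (PHP 5.4 and later), combined with LIBXML_NONET. The function name parse_untrusted_xml(), the $allowedDtds map and the example.com / internal.example values are hypothetical placeholders.

```php
<?php
// Added example: allow-list external DTDs/entities instead of disabling them globally.
// parse_untrusted_xml() and $allowedDtds are hypothetical names, not from the post.
function parse_untrusted_xml($xml, array $allowedDtds)
{
    // libxml calls this for every external DTD or entity it wants to fetch.
    libxml_set_external_entity_loader(
        function ($publicId, $systemId, $context) use ($allowedDtds) {
            if (is_string($systemId)
                && isset($allowedDtds[$systemId])
                && is_file($allowedDtds[$systemId])) {
                return $allowedDtds[$systemId]; // serve a local copy, never the remote URL
            }
            return null; // refuse http://, file://, php:// and anything else
        }
    );
    $previous = libxml_use_internal_errors(true);
    try {
        // LIBXML_NONET blocks network access inside libxml itself.
        // LIBXML_NOENT and LIBXML_DTDLOAD are deliberately not passed, so entity
        // substitution is never requested by this code.
        $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
        if ($doc === false) {
            throw new RuntimeException(
                'XML rejected: ' . count(libxml_get_errors()) . ' parser error(s)'
            );
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
        libxml_set_external_entity_loader(null); // restore the default loader
    }
}

// Constructed sample input: the doctype points an entity at an internal URL.
$sample = '<?xml version="1.0"?>'
    . '<!DOCTYPE r [<!ENTITY x SYSTEM "http://internal.example/status">]>'
    . '<r><v>&x;</v></r>';

// Only this system identifier may be resolved, and only to a local file (placeholder path).
$allowed = ['http://example.com/dtd/feed.dtd' => __DIR__ . '/dtd/feed.dtd'];

try {
    $doc = parse_untrusted_xml($sample, $allowed);
    var_dump($doc->v); // the entity target was never fetched
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The loader is a process-wide libxml setting, which is why the function restores the default before returning. It is also invoked for the main document when parsing with simplexml_load_file(), so this pattern is written for in-memory strings only.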
