lorenzo / pinky

A Foundation for Emails (Inky) template transpiler

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Warning: DOMDocument::load(): I/O warning : failed to load external entity "/path/to/vendor/lorenzo/pinky/src/inky.xsl"

DjLeChuck opened this issue · comments

I,

In our application, we have a strange bug. Sometimes, the belowed error appears:

Warning: DOMDocument::load(): I/O warning : failed to load external entity "/path/to/vendor/lorenzo/pinky/src/inky.xsl"

Our application is a Symfony one, which use the Mailer component and the twig/inky-extra which use this library.
We send many email without any problem, but sometimes this happens and we are not able to understand why.
What's even stranger is that for the same email template, but with a different context (input data, code used to before calling the service which send it) sometimes it it works and sometimes the error occure... 😕

I thought that it was linked to the data we used, but the offending code is the loading of inky.xsl and inky-center.xsl, so it comes before our template is processed.

The only way we found to fix this was to add this code before the call of Inky:

if (\PHP_VERSION_ID < 80000) {
    libxml_disable_entity_loader(false);
}

Have you any idea of what's happening? There is not many literature about this on the internet. 😅

I think that line should be added for all PHP versions. It is actually a security risk to leave that setting as true. I usually disable it globally.

It is indeed linked to the data that is used. XML has this security mis-feature that it lets you load more xml via the network depending on how you include the content, which creates security risks.

If you send me a PR with the line I'll merge it.

We have add the version check because the PHP doc says the function is obsolete since PHP 8.0: https://www.php.net/libxml_disable_entity_loader

OK for the PR, I will do it. Just let me know if I let the PHP version check or not.

yeah, do the version check to avoid deprecation notices

Here we go: #25