The line for enabling the unsafe expand_entities option is commented
and includes a warning to keep it like that ;)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
</repo>
</plugin_repos>
+ <koha_xslt_security>
+ <!-- Uncomment the following entry ONLY when you explicitly want the XSLT
+ parser to expand entities like <!ENTITY secret SYSTEM "/etc/secrets">.
+ This is unsafe and therefore NOT recommended!
+ <expand_entities_unsafe>1</expand_entities_unsafe>
+ -->
+ </koha_xslt_security>
+
</config>
</yazgfs>
</repo>
</plugin_repos>
+ <koha_xslt_security>
+ <!-- Uncomment the following entry ONLY when you explicitly want the XSLT
+ parser to expand entities like <!ENTITY secret SYSTEM "/etc/secrets">.
+ This is unsafe and therefore NOT recommended!
+ <expand_entities_unsafe>1</expand_entities_unsafe>
+ -->
+ </koha_xslt_security>
+
</config>
</yazgfs>