my ($self, $parser) = @_;
my $conf = $self->{_options};
- if( $conf->{expand_entities} ) {
+ if( $conf->{expand_entities_unsafe} ) { # NOT recommended
_set_option($parser, 'expand_entities', 1);
} else {
# If not explicitly set, we should disable expanding for security
use Koha::XSLT::Base;
use t::lib::Mocks;
-t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities => 1 } );
+t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities_unsafe => 1 } );
my $engine=Koha::XSLT::Base->new;
my $secret_file = mytempfile('Big secret');
my $output= $engine->transform( "<ignored/>", $xslt_file );
like($output, qr/Big secret/, 'external entity got through');
-t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities => 0 } );
+t::lib::Mocks::mock_config( 'koha_xslt_security', { expand_entities_unsafe => 0 } );
$engine=Koha::XSLT::Base->new;
$output= $engine->transform( "<ignored/>", $xslt_file );
unlike($output, qr/Big secret/, 'external entity did not get through');