Closed
Symfony version(s) affected
4.4+
Description
In https://github.com/symfony/dependency-injection/blob/ffaa7b47a728b8a644ced7dce6e3f7b89b1c06bb/Loader/XmlFileLoader.php#L686, it creates a file:// URL that isn't URL-encoded. This causes shouldEnableEntityLoader() to return true in PHP 8 instead of false when e.g. the temp folder path contains spaces.
How to reproduce
- If you have a local Windows dev setup, the temp folder path might be something like `C:\Users\Your Name\AppData\Local\Temp`. If you don't have that or control over the system temp folder path, then you can temporarily edit https://github.com/symfony/dependency-injection/blob/ffaa7b47a728b8a644ced7dce6e3f7b89b1c06bb/Loader/XmlFileLoader.php#L680 to set $tmpfile to a path that you know exists and has spaces.
- Make a little file `x.xml` like this:

```xml
<container xmlns="http://symfony.com/schema/dic/services"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
    <services>
    </services>
</container>
```

- Make a little PHP file like this:

```php
<?php

require_once 'vendor/autoload.php';

$containerBuilder = new \Symfony\Component\DependencyInjection\ContainerBuilder();
$loader = new \Symfony\Component\DependencyInjection\Loader\XmlFileLoader(
    $containerBuilder,
    new \Symfony\Component\Config\FileLocator(__DIR__)
);
$loader->load('x.xml');
```

- Using PHP 8, run your PHP file.
PHP Deprecated: Function libxml_disable_entity_loader() is deprecated in ...\vendor\symfony\dependency-injection\Loader\XmlFileLoader.php
Possible Solution
-<xsd:include schemaLocation="file:///'.str_replace('\\', '/', $tmpfile).'" />';
+<xsd:include schemaLocation="file:///'.rawurlencode(str_replace('\\', '/', $tmpfile)).'" />';
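Review bot: rawurlencode() on the + line wraps the whole slash-normalized path, so it percent-encodes the / separators (%2F) and the colon of a Windows drive letter (%3A) along with the spaces. Consider encoding each path segment separately, for example implode('/', array_map('rawurlencode', explode('/', $path))) with a leading drive letter left literal, and add a test that runs with a temp directory whose name contains a space so the PHP 8 code path stays covered.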
Additional Context
I admit I haven't run it against 6.x. Where this came up in real life was in a 3rd party web app that uses version 4.4 of symfony/dependency-injection, but the code is the same as 6.x.
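
As an added example (not code from Symfony or from the issue author), the script below builds the schema location three ways for a file in a temp directory whose name contains a space and reports which forms libxml resolves on the machine it runs on. `pathToFileUrl()` and `includeResolves()` are hypothetical helpers, the directory and schema are constructed, and it assumes the DOM extension and local (non-UNC) paths.

```php
<?php
// Added example, not Symfony's code. Assumes ext-dom and local (non-UNC) paths.

/** Hypothetical helper: percent-encode each segment, keep "/" and a drive letter. */
function pathToFileUrl(string $path): string
{
    $segments = explode('/', ltrim(str_replace('\\', '/', $path), '/'));
    foreach ($segments as $i => $segment) {
        // A leading "C:" stays literal; rawurlencode() would turn it into "C%3A".
        if (0 !== $i || !preg_match('/^[A-Za-z]:$/', $segment)) {
            $segments[$i] = rawurlencode($segment);
        }
    }
    return 'file:///'.implode('/', $segments);
}

/** Hypothetical probe: true when a schema that xsd:includes $url validates <test/>. */
function includeResolves(string $url): bool
{
    $dom = new DOMDocument();
    $dom->loadXML('<test/>');
    $schema = '<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"><xsd:include'
        .' schemaLocation="'.htmlspecialchars($url, ENT_QUOTES).'"/></xsd:schema>';
    $previous = libxml_use_internal_errors(true); // collect errors, no PHP warnings
    $ok = $dom->schemaValidateSource($schema);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Constructed input: a schema file in a temp directory whose name contains a space.
$dir = sys_get_temp_dir().DIRECTORY_SEPARATOR.'file url probe '.getmypid();
mkdir($dir);
$file = $dir.DIRECTORY_SEPARATOR.'probe.xsd';
file_put_contents($file, '<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
    .'<xsd:element name="test" type="xsd:string"/></xsd:schema>');

$slashed = str_replace('\\', '/', $file);
$candidates = [
    'unencoded' => 'file:///'.$slashed,
    'rawurlencode(whole path)' => 'file:///'.rawurlencode($slashed),
    'encoded per segment' => pathToFileUrl($file),
];
foreach ($candidates as $label => $url) {
    printf("%-25s %s => %s\n", $label, $url, includeResolves($url) ? 'resolved' : 'not resolved');
}
unlink($file);
rmdir($dir);
```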