Mike XenForo developer Staff member Aug 21, 2014 #21 See the posts above - it explains what the issue is. You can workaround it like XF.
Chris D XenForo developer Staff member Aug 21, 2014 #22 Liam W said: Question, Mike, what should add-on authors do to ensure addons aren't vulnerable, if they use XML files? Liam Click to expand... Just use the same helpers that XenForo uses for processing all XML files. Previously a new vanilla SimpleXML object used to be instantiated. Now, that is created through a helper which wraps around that and a Zend security function.
Liam W said: Question, Mike, what should add-on authors do to ensure addons aren't vulnerable, if they use XML files? Liam Click to expand... Just use the same helpers that XenForo uses for processing all XML files. Previously a new vanilla SimpleXML object used to be instantiated. Now, that is created through a helper which wraps around that and a Zend security function.