From bdd9c47cc031109dc606e99fc3bc424f0f6521a3 Mon Sep 17 00:00:00 2001
From: Byron Jones
Date: Wed, 15 Apr 2015 00:36:17 +0800
Subject: Bug 1031035: xmlrpc can be DoS'd with billion laughs attack r=LpSolit,a=glob
---
 Bugzilla/WebService/Server/XMLRPC.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'Bugzilla/WebService/Server/XMLRPC.pm')
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 03d93b597..c28c3e10c 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -138,7 +138,8 @@ sub new {
 my $self = shift->SUPER::new(@_);
 # Initialise XML::Parser to not expand references to entities, to prevent DoS
 require XML::Parser;
- $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+ my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
+ $self->{_parser}->parser($parser, $parser);
 return $self;
 }
-- cgit v1.2.3-24-g4f1b
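Review bot: The added call `$self->{_parser}->parser($parser, $parser);` passes the same object twice without saying why, and nothing after it confirms that the NoExpand parser was actually installed. If the `parser()` setter stores a different argument than expected (which the old `parser => ...` form suggests has varied, presumably between versions of the underlying XML-RPC library), the deserializer could silently keep a parser that expands entities, and the DoS protection would be lost with no error. I would add a comment such as `# Same parser passed twice on purpose: parser() setters differ in which argument they keep (confirm against supported library versions)`. I would also fail closed right after the call, e.g. `die "XML-RPC entity-expansion hardening not applied" unless $self->{_parser}->parser == $parser;`, assuming the no-argument call is a plain getter. `sub new` opens above the hunk, so whether `_parser` is always populated by `SUPER::new` cannot be checked from here.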