Bug 1031035: xmlrpc can be DoS'd with billion laughs attack

r=LpSolit,a=glob

diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 56e4dbe58d92932072074ed9cb863031d4d6cb4c..98a0ee405d1f118606777b8f91810230527c8b49 100644 (file)
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -135,7 +135,8 @@ sub new {
     my $self = shift->SUPER::new(@_);
     # Initialise XML::Parser to not expand references to entities, to prevent DoS
     require XML::Parser;
-    $self->{_parser}->parser(parser => XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } ));
+    my $parser = XML::Parser->new( NoExpand => 1, Handlers => { Default => sub {} } );
+    $self->{_parser}->parser($parser, $parser);
     return $self;
 }