13 * obtain it through the world-wide-web, please send an email |
13 * obtain it through the world-wide-web, please send an email |
14 * to license@zend.com so we can send you a copy immediately. |
14 * to license@zend.com so we can send you a copy immediately. |
15 * |
15 * |
16 * @category Zend |
16 * @category Zend |
17 * @package Zend_Feed |
17 * @package Zend_Feed |
18 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
18 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) |
19 * @license http://framework.zend.com/license/new-bsd New BSD License |
19 * @license http://framework.zend.com/license/new-bsd New BSD License |
20 * @version $Id: Abstract.php 25160 2012-12-18 15:17:16Z matthew $ |
20 * @version $Id$ |
21 */ |
21 */ |
22 |
22 |
23 |
23 |
24 /** |
24 /** |
25 * @see Zend_Feed_Element |
25 * @see Zend_Feed_Element |
26 */ |
26 */ |
27 require_once 'Zend/Feed/Element.php'; |
27 require_once 'Zend/Feed/Element.php'; |
28 |
28 |
|
29 /** @see Zend_Xml_Security */ |
|
30 require_once 'Zend/Xml/Security.php'; |
29 |
31 |
30 /** |
32 /** |
31 * The Zend_Feed_Abstract class is an abstract class representing feeds. |
33 * The Zend_Feed_Abstract class is an abstract class representing feeds. |
32 * |
34 * |
33 * Zend_Feed_Abstract implements two core PHP 5 interfaces: ArrayAccess and |
35 * Zend_Feed_Abstract implements two core PHP 5 interfaces: ArrayAccess and |
35 * considered to be the entry collection, such that iterating over the |
37 * considered to be the entry collection, such that iterating over the |
36 * feed takes you through each of the feed.s entries. |
38 * feed takes you through each of the feed.s entries. |
37 * |
39 * |
38 * @category Zend |
40 * @category Zend |
39 * @package Zend_Feed |
41 * @package Zend_Feed |
40 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
42 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) |
41 * @license http://framework.zend.com/license/new-bsd New BSD License |
43 * @license http://framework.zend.com/license/new-bsd New BSD License |
42 */ |
44 */ |
43 abstract class Zend_Feed_Abstract extends Zend_Feed_Element implements Iterator, Countable |
45 abstract class Zend_Feed_Abstract extends Zend_Feed_Element implements Iterator, Countable |
44 { |
46 { |
45 /** |
47 /** |
109 */ |
111 */ |
110 public function __wakeup() |
112 public function __wakeup() |
111 { |
113 { |
112 @ini_set('track_errors', 1); |
114 @ini_set('track_errors', 1); |
113 $doc = new DOMDocument; |
115 $doc = new DOMDocument; |
114 $status = @$doc->loadXML($this->_element); |
116 $doc = @Zend_Xml_Security::scan($this->_element, $doc); |
115 @ini_restore('track_errors'); |
117 @ini_restore('track_errors'); |
116 |
118 |
117 if (!$status) { |
119 if (!$doc) { |
118 // prevent the class to generate an undefined variable notice (ZF-2590) |
120 // prevent the class to generate an undefined variable notice (ZF-2590) |
119 if (!isset($php_errormsg)) { |
121 if (!isset($php_errormsg)) { |
120 if (function_exists('xdebug_is_enabled')) { |
122 if (function_exists('xdebug_is_enabled')) { |
121 $php_errormsg = '(error message not available, when XDebug is running)'; |
123 $php_errormsg = '(error message not available, when XDebug is running)'; |
122 } else { |
124 } else { |
266 * @return string |
268 * @return string |
267 * @throws Zend_Feed_Exception on detection of an XXE vector |
269 * @throws Zend_Feed_Exception on detection of an XXE vector |
268 */ |
270 */ |
269 protected function _importFeedFromString($feed) |
271 protected function _importFeedFromString($feed) |
270 { |
272 { |
271 // Load the feed as an XML DOMDocument object |
|
272 $libxml_errflag = libxml_use_internal_errors(true); |
|
273 $libxml_entity_loader = libxml_disable_entity_loader(true); |
|
274 $doc = new DOMDocument; |
|
275 if (trim($feed) == '') { |
273 if (trim($feed) == '') { |
276 require_once 'Zend/Feed/Exception.php'; |
274 require_once 'Zend/Feed/Exception.php'; |
277 throw new Zend_Feed_Exception('Remote feed being imported' |
275 throw new Zend_Feed_Exception('Remote feed being imported' |
278 . ' is an Empty string or comes from an empty HTTP response'); |
276 . ' is an Empty string or comes from an empty HTTP response'); |
279 } |
277 } |
280 $status = $doc->loadXML($feed); |
278 $doc = new DOMDocument; |
281 libxml_disable_entity_loader($libxml_entity_loader); |
279 $doc = Zend_Xml_Security::scan($feed, $doc); |
282 libxml_use_internal_errors($libxml_errflag); |
280 |
283 |
281 if (!$doc) { |
284 if (!$status) { |
|
285 // prevent the class to generate an undefined variable notice (ZF-2590) |
282 // prevent the class to generate an undefined variable notice (ZF-2590) |
286 // Build error message |
283 // Build error message |
287 $error = libxml_get_last_error(); |
284 $error = libxml_get_last_error(); |
288 if ($error && $error->message) { |
285 if ($error && $error->message) { |
289 $errormsg = "DOMDocument cannot parse XML: {$error->message}"; |
286 $errormsg = "DOMDocument cannot parse XML: {$error->message}"; |