12 * obtain it through the world-wide-web, please send an email |
12 * obtain it through the world-wide-web, please send an email |
13 * to license@zend.com so we can send you a copy immediately. |
13 * to license@zend.com so we can send you a copy immediately. |
14 * |
14 * |
15 * @category Zend |
15 * @category Zend |
16 * @package Zend_Controller |
16 * @package Zend_Controller |
17 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
17 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) |
18 * @license http://framework.zend.com/license/new-bsd New BSD License |
18 * @license http://framework.zend.com/license/new-bsd New BSD License |
19 */ |
19 */ |
20 |
20 |
21 /** |
21 /** |
22 * Zend_XmlRpc_Value |
22 * Zend_XmlRpc_Value |
25 |
25 |
26 /** |
26 /** |
27 * Zend_XmlRpc_Fault |
27 * Zend_XmlRpc_Fault |
28 */ |
28 */ |
29 require_once 'Zend/XmlRpc/Fault.php'; |
29 require_once 'Zend/XmlRpc/Fault.php'; |
|
30 |
|
31 /** @see Zend_Xml_Security */ |
|
32 require_once 'Zend/Xml/Security.php'; |
|
33 |
|
34 /** @see Zend_Xml_Exception */ |
|
35 require_once 'Zend/Xml/Exception.php'; |
30 |
36 |
31 /** |
37 /** |
32 * XmlRpc Response |
38 * XmlRpc Response |
33 * |
39 * |
34 * Container for accessing an XMLRPC return value and creating the XML response. |
40 * Container for accessing an XMLRPC return value and creating the XML response. |
35 * |
41 * |
36 * @category Zend |
42 * @category Zend |
37 * @package Zend_XmlRpc |
43 * @package Zend_XmlRpc |
38 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
44 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) |
39 * @license http://framework.zend.com/license/new-bsd New BSD License |
45 * @license http://framework.zend.com/license/new-bsd New BSD License |
40 * @version $Id: Response.php 25033 2012-08-17 19:50:08Z matthew $ |
46 * @version $Id$ |
41 */ |
47 */ |
42 class Zend_XmlRpc_Response |
48 class Zend_XmlRpc_Response |
43 { |
49 { |
44 /** |
50 /** |
45 * Return value |
51 * Return value |
174 $this->_fault = new Zend_XmlRpc_Fault(650); |
180 $this->_fault = new Zend_XmlRpc_Fault(650); |
175 $this->_fault->setEncoding($this->getEncoding()); |
181 $this->_fault->setEncoding($this->getEncoding()); |
176 return false; |
182 return false; |
177 } |
183 } |
178 |
184 |
179 // @see ZF-12293 - disable external entities for security purposes |
|
180 $loadEntities = libxml_disable_entity_loader(true); |
|
181 $useInternalXmlErrors = libxml_use_internal_errors(true); |
|
182 try { |
185 try { |
183 $dom = new DOMDocument; |
186 $xml = Zend_Xml_Security::scan($response); |
184 $dom->loadXML($response); |
187 } catch (Zend_Xml_Exception $e) { |
185 foreach ($dom->childNodes as $child) { |
|
186 if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) { |
|
187 require_once 'Zend/XmlRpc/Exception.php'; |
|
188 throw new Zend_XmlRpc_Exception( |
|
189 'Invalid XML: Detected use of illegal DOCTYPE' |
|
190 ); |
|
191 } |
|
192 } |
|
193 // TODO: Locate why this passes tests but a simplexml import doesn't |
|
194 // $xml = simplexml_import_dom($dom); |
|
195 $xml = new SimpleXMLElement($response); |
|
196 libxml_disable_entity_loader($loadEntities); |
|
197 libxml_use_internal_errors($useInternalXmlErrors); |
|
198 } catch (Exception $e) { |
|
199 libxml_disable_entity_loader($loadEntities); |
|
200 libxml_use_internal_errors($useInternalXmlErrors); |
|
201 // Not valid XML |
188 // Not valid XML |
202 $this->_fault = new Zend_XmlRpc_Fault(651); |
189 $this->_fault = new Zend_XmlRpc_Fault(651); |
203 $this->_fault->setEncoding($this->getEncoding()); |
190 $this->_fault->setEncoding($this->getEncoding()); |
204 return false; |
191 return false; |
205 } |
192 } |