12 * obtain it through the world-wide-web, please send an email |
12 * obtain it through the world-wide-web, please send an email |
13 * to license@zend.com so we can send you a copy immediately. |
13 * to license@zend.com so we can send you a copy immediately. |
14 * |
14 * |
15 * @category Zend |
15 * @category Zend |
16 * @package Zend_Controller |
16 * @package Zend_Controller |
17 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
17 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
18 * @license http://framework.zend.com/license/new-bsd New BSD License |
18 * @license http://framework.zend.com/license/new-bsd New BSD License |
19 */ |
19 */ |
20 |
20 |
21 /** |
21 /** |
22 * Zend_XmlRpc_Value |
22 * Zend_XmlRpc_Value |
39 * generated and stored in {@link $_fault}; developers may check for it using |
39 * generated and stored in {@link $_fault}; developers may check for it using |
40 * {@link isFault()} and {@link getFault()}. |
40 * {@link isFault()} and {@link getFault()}. |
41 * |
41 * |
42 * @category Zend |
42 * @category Zend |
43 * @package Zend_XmlRpc |
43 * @package Zend_XmlRpc |
44 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
44 * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) |
45 * @license http://framework.zend.com/license/new-bsd New BSD License |
45 * @license http://framework.zend.com/license/new-bsd New BSD License |
46 * @version $Id: Request.php 20208 2010-01-11 22:37:37Z lars $ |
46 * @version $Id: Request.php 25033 2012-08-17 19:50:08Z matthew $ |
47 */ |
47 */ |
48 class Zend_XmlRpc_Request |
48 class Zend_XmlRpc_Request |
49 { |
49 { |
50 /** |
50 /** |
51 * Request character encoding |
51 * Request character encoding |
301 $this->_fault = new Zend_XmlRpc_Fault(635); |
301 $this->_fault = new Zend_XmlRpc_Fault(635); |
302 $this->_fault->setEncoding($this->getEncoding()); |
302 $this->_fault->setEncoding($this->getEncoding()); |
303 return false; |
303 return false; |
304 } |
304 } |
305 |
305 |
|
306 // @see ZF-12293 - disable external entities for security purposes |
|
307 $loadEntities = libxml_disable_entity_loader(true); |
306 try { |
308 try { |
307 $xml = new SimpleXMLElement($request); |
309 $dom = new DOMDocument; |
|
310 $dom->loadXML($request); |
|
311 foreach ($dom->childNodes as $child) { |
|
312 if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) { |
|
313 require_once 'Zend/XmlRpc/Exception.php'; |
|
314 throw new Zend_XmlRpc_Exception( |
|
315 'Invalid XML: Detected use of illegal DOCTYPE' |
|
316 ); |
|
317 } |
|
318 } |
|
319 $xml = simplexml_import_dom($dom); |
|
320 libxml_disable_entity_loader($loadEntities); |
308 } catch (Exception $e) { |
321 } catch (Exception $e) { |
309 // Not valid XML |
322 // Not valid XML |
310 $this->_fault = new Zend_XmlRpc_Fault(631); |
323 $this->_fault = new Zend_XmlRpc_Fault(631); |
311 $this->_fault->setEncoding($this->getEncoding()); |
324 $this->_fault->setEncoding($this->getEncoding()); |
|
325 libxml_disable_entity_loader($loadEntities); |
312 return false; |
326 return false; |
313 } |
327 } |
314 |
328 |
315 // Check for method name |
329 // Check for method name |
316 if (empty($xml->methodName)) { |
330 if (empty($xml->methodName)) { |
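Review bot: The return value of `$dom->loadXML($request)` at new line 310 is not checked, and DOMDocument::loadXML() reports malformed XML by returning false with a warning, not by throwing as the removed `new SimpleXMLElement($request)` did. Unless a warning-to-exception error handler is installed, a parse failure would skip the catch that sets fault 631 and reach `simplexml_import_dom($dom)` with an empty document, so the request is probably rejected later with a different fault. Suggest failing explicitly inside the try: `if (!$dom->loadXML($request)) { require_once 'Zend/XmlRpc/Exception.php'; throw new Zend_XmlRpc_Exception('Invalid XML'); }`. Enabling `libxml_use_internal_errors(true)` around the parse, restored afterwards the same way as `$loadEntities`, would also keep libxml warnings out of the response body. The enclosing method starts and ends outside the visible lines, so the later use of `$xml` could not be checked.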