--- a/web/lib/Zend/Config/Xml.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Config/Xml.php Thu May 07 15:16:02 2015 +0200
@@ -14,9 +14,9 @@
*
* @category Zend
* @package Zend_Config
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Xml.php 24593 2012-01-05 20:35:02Z matthew $
+ * @version $Id$
*/
/**
@@ -24,12 +24,18 @@
*/
require_once 'Zend/Config.php';
+/** @see Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
+
+/** @see Zend_Xml_Exception */
+require_once 'Zend/Xml/Exception.php';
+
/**
* XML Adapter for Zend_Config
*
* @category Zend
* @package Zend_Config
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
class Zend_Config_Xml extends Zend_Config
@@ -96,9 +102,21 @@
set_error_handler(array($this, '_loadFileErrorHandler')); // Warnings and errors are suppressed
if (strstr($xml, '<?xml')) {
- $config = simplexml_load_string($xml);
+ $config = Zend_Xml_Security::scan($xml);
} else {
- $config = simplexml_load_file($xml);
+ try {
+ if (!$config = Zend_Xml_Security::scanFile($xml)) {
+ require_once 'Zend/Config/Exception.php';
+ throw new Zend_Config_Exception(
+ "Error failed to load $xml file"
+ );
+ }
+ } catch (Zend_Xml_Exception $e) {
+ require_once 'Zend/Config/Exception.php';
+ throw new Zend_Config_Exception(
+ $e->getMessage()
+ );
+ }
}
restore_error_handler();