--- a/web/lib/Zend/Search/Lucene/Document/Docx.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Search/Lucene/Document/Docx.php Thu May 07 15:16:02 2015 +0200
@@ -15,21 +15,24 @@
* @category Zend
* @package Zend_Search_Lucene
* @subpackage Document
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Docx.php 24593 2012-01-05 20:35:02Z matthew $
+ * @version $Id$
*/
/** Zend_Search_Lucene_Document_OpenXml */
require_once 'Zend/Search/Lucene/Document/OpenXml.php';
+/** Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
+
/**
* Docx document.
*
* @category Zend
* @package Zend_Search_Lucene
* @subpackage Document
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
class Zend_Search_Lucene_Document_Docx extends Zend_Search_Lucene_Document_OpenXml {
@@ -67,11 +70,11 @@
require_once 'Zend/Search/Lucene/Exception.php';
throw new Zend_Search_Lucene_Exception('Invalid archive or corrupted .docx file.');
}
- $relations = simplexml_load_string($relationsXml);
+ $relations = Zend_Xml_Security::scan($relationsXml);
foreach($relations->Relationship as $rel) {
if ($rel ["Type"] == Zend_Search_Lucene_Document_OpenXml::SCHEMA_OFFICEDOCUMENT) {
// Found office document! Read in contents...
- $contents = simplexml_load_string($package->getFromName(
+ $contents = Zend_Xml_Security::scan($package->getFromName(
$this->absoluteZipPath(dirname($rel['Target'])
. '/'
. basename($rel['Target']))