--- a/web/lib/Zend/Search/Lucene/Document/OpenXml.php	Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Search/Lucene/Document/OpenXml.php	Thu May 07 15:16:02 2015 +0200
@@ -15,15 +15,17 @@
  * @category   Zend
  * @package    Zend_Search_Lucene
  * @subpackage Document
- * @copyright  Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
  * @license    http://framework.zend.com/license/new-bsd     New BSD License
- * @version    $Id: OpenXml.php 24593 2012-01-05 20:35:02Z matthew $
+ * @version    $Id$
  */
 
 
 /** Zend_Search_Lucene_Document */
 require_once 'Zend/Search/Lucene/Document.php';
 
+/** Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
 
 /**
  * OpenXML document.
@@ -31,7 +33,7 @@
  * @category   Zend
  * @package    Zend_Search_Lucene
  * @subpackage Document
- * @copyright  Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
  * @license    http://framework.zend.com/license/new-bsd     New BSD License
  */
 abstract class Zend_Search_Lucene_Document_OpenXml extends Zend_Search_Lucene_Document
@@ -83,11 +85,11 @@
         $coreProperties = array();
 
         // Read relations and search for core properties
-        $relations = simplexml_load_string($package->getFromName("_rels/.rels"));
+        $relations = Zend_Xml_Security::scan($package->getFromName("_rels/.rels"));
         foreach ($relations->Relationship as $rel) {
             if ($rel["Type"] == Zend_Search_Lucene_Document_OpenXml::SCHEMA_COREPROPERTIES) {
                 // Found core properties! Read in contents...
-                $contents = simplexml_load_string(
+                $contents = Zend_Xml_Security::scan(
                     $package->getFromName(dirname($rel["Target"]) . "/" . basename($rel["Target"]))
                 );