--- a/web/lib/Zend/XmlRpc/Request.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/XmlRpc/Request.php Thu May 07 15:16:02 2015 +0200
@@ -14,7 +14,7 @@
*
* @category Zend
* @package Zend_Controller
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
@@ -28,6 +28,12 @@
*/
require_once 'Zend/XmlRpc/Fault.php';
+/** @see Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
+
+/** @see Zend_Xml_Exception */
+require_once 'Zend/Xml/Exception.php';
+
/**
* XmlRpc Request object
*
@@ -41,9 +47,9 @@
*
* @category Zend
* @package Zend_XmlRpc
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Request.php 25033 2012-08-17 19:50:08Z matthew $
+ * @version $Id$
*/
class Zend_XmlRpc_Request
{
@@ -303,26 +309,12 @@
return false;
}
- // @see ZF-12293 - disable external entities for security purposes
- $loadEntities = libxml_disable_entity_loader(true);
try {
- $dom = new DOMDocument;
- $dom->loadXML($request);
- foreach ($dom->childNodes as $child) {
- if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
- require_once 'Zend/XmlRpc/Exception.php';
- throw new Zend_XmlRpc_Exception(
- 'Invalid XML: Detected use of illegal DOCTYPE'
- );
- }
- }
- $xml = simplexml_import_dom($dom);
- libxml_disable_entity_loader($loadEntities);
- } catch (Exception $e) {
+ $xml = Zend_Xml_Security::scan($request);
+ } catch (Zend_Xml_Exception $e) {
// Not valid XML
$this->_fault = new Zend_XmlRpc_Fault(631);
$this->_fault->setEncoding($this->getEncoding());
- libxml_disable_entity_loader($loadEntities);
return false;
}
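Review bot: The result of `Zend_Xml_Security::scan($request)` is used without a check for a `false` return; only a thrown `Zend_Xml_Exception` reaches the fault 631 path. If scan() reports unparseable XML by returning `false` rather than throwing (it appears to do so in ZF1, but its body is not on this page), a malformed request skips this catch and falls through to the code after the hunk with `$xml === false`. Adding `if ($xml === false) { throw new Zend_Xml_Exception('Invalid XML'); }` directly after the scan() call, inside the `try`, would route that case to the same fault. The catch is also narrowed from `Exception` to `Zend_Xml_Exception`, so any other exception type now propagates to the caller, which is worth confirming as intended. The enclosing method starts and ends outside the hunk.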