diff -r 2251fb41dbc7 -r 1e110b03ae96 web/lib/Zend/Feed/Abstract.php --- a/web/lib/Zend/Feed/Abstract.php Sun Apr 21 10:07:03 2013 +0200 +++ b/web/lib/Zend/Feed/Abstract.php Sun Apr 21 21:54:24 2013 +0200 @@ -15,9 +15,9 @@ * * @category Zend * @package Zend_Feed - * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) + * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) * @license http://framework.zend.com/license/new-bsd New BSD License - * @version $Id: Abstract.php 20096 2010-01-06 02:05:09Z bkarwin $ + * @version $Id: Abstract.php 25160 2012-12-18 15:17:16Z matthew $ */ @@ -37,7 +37,7 @@ * * @category Zend * @package Zend_Feed - * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) + * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) * @license http://framework.zend.com/license/new-bsd New BSD License */ abstract class Zend_Feed_Abstract extends Zend_Feed_Element implements Iterator, Countable @@ -81,9 +81,9 @@ * @see Zend_Feed_Exception */ require_once 'Zend/Feed/Exception.php'; - throw new Zend_Feed_Exception('Feed failed to load, got response code ' . $response->getStatus()); + throw new Zend_Feed_Exception('Feed failed to load, got response code ' . $response->getStatus() . '; request: ' . $client->getLastRequest() . "\nresponse: " . $response->asString()); } - $this->_element = $response->getBody(); + $this->_element = $this->_importFeedFromString($response->getBody()); $this->__wakeup(); } elseif ($string !== null) { // Retrieve the feed from $string @@ -256,4 +256,49 @@ * @return void */ abstract public function send(); + + /** + * Import a feed from a string + * + * Protects against XXE attack vectors. + * + * @param string $feed + * @return string + * @throws Zend_Feed_Exception on detection of an XXE vector + */ + protected function _importFeedFromString($feed) + { + // Load the feed as an XML DOMDocument object + $libxml_errflag = libxml_use_internal_errors(true); + $libxml_entity_loader = libxml_disable_entity_loader(true); + $doc = new DOMDocument; + if (trim($feed) == '') { + require_once 'Zend/Feed/Exception.php'; + throw new Zend_Feed_Exception('Remote feed being imported' + . ' is an Empty string or comes from an empty HTTP response'); + } + $status = $doc->loadXML($feed); + libxml_disable_entity_loader($libxml_entity_loader); + libxml_use_internal_errors($libxml_errflag); + + if (!$status) { + // prevent the class to generate an undefined variable notice (ZF-2590) + // Build error message + $error = libxml_get_last_error(); + if ($error && $error->message) { + $errormsg = "DOMDocument cannot parse XML: {$error->message}"; + } else { + $errormsg = "DOMDocument cannot parse XML"; + } + + + /** + * @see Zend_Feed_Exception + */ + require_once 'Zend/Feed/Exception.php'; + throw new Zend_Feed_Exception($errormsg); + } + + return $doc->saveXML($doc->documentElement); + } }