diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Dom/Query.php
--- a/web/lib/Zend/Dom/Query.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Dom/Query.php Thu May 07 15:16:02 2015 +0200
@@ -14,9 +14,9 @@
 *
 * @category Zend
 * @package Zend_Dom
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Query.php 25033 2012-08-17 19:50:08Z matthew $
+ * @version $Id$
 */
 /**
@@ -29,12 +29,18 @@
 */
 require_once 'Zend/Dom/Query/Result.php';
+/** @see Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
+
+/** @see Zend_Xml_Exception */
+require_once 'Zend/Xml/Exception.php';
+
 /**
 * Query DOM structures based on CSS selectors and/or XPath
 *
 * @package Zend_Dom
 * @subpackage Query
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */
 class Zend_Dom_Query
@@ -79,8 +85,8 @@
 /**
 * Constructor
 *
- * @param null|string $document
- * @return void
+ * @param null|string $document
+ * @param null|string $encoding
 */
 public function __construct($document = null, $encoding = null)
 {
@@ -233,7 +239,8 @@
 * Perform an XPath query
 *
 * @param string|array $xpathQuery
- * @param string $query CSS selector query
+ * @param string $query CSS selector query
+ * @throws Zend_Dom_Exception
 * @return Zend_Dom_Query_Result
 */
 public function queryXpath($xpathQuery, $query = null)
@@ -245,7 +252,6 @@
 $encoding = $this->getEncoding();
 libxml_use_internal_errors(true);
- libxml_disable_entity_loader(true);
 if (null === $encoding) {
 $domDoc = new DOMDocument('1.0');
 } else {
@@ -254,14 +260,14 @@
 $type = $this->getDocumentType();
 switch ($type) {
 case self::DOC_XML:
- $success = $domDoc->loadXML($document);
- foreach ($domDoc->childNodes as $child) {
- if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
- require_once 'Zend/Dom/Exception.php';
- throw new Zend_Dom_Exception(
- 'Invalid XML: Detected use of illegal DOCTYPE'
- );
- }
+ try {
+ $domDoc = Zend_Xml_Security::scan($document, $domDoc);
+ $success = ($domDoc !== false);
+ } catch (Zend_Xml_Exception $e) {
+ require_once 'Zend/Dom/Exception.php';
+ throw new Zend_Dom_Exception(
+ $e->getMessage()
+ );
 }
 break;
 case self::DOC_HTML:
@@ -275,7 +281,6 @@
 $this->_documentErrors = $errors;
 libxml_clear_errors();
 }
- libxml_disable_entity_loader(false);
 libxml_use_internal_errors(false);
 if (!$success) {
@@ -283,7 +288,7 @@
 throw new Zend_Dom_Exception(sprintf('Error parsing document (type == %s)', $type));
 }
- $nodeList = $this->_getNodeList($domDoc, $xpathQuery);
+ $nodeList = $this->_getNodeList($domDoc, $xpathQuery);
 return new Zend_Dom_Query_Result($query, $xpathQuery, $domDoc, $nodeList);
 }
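Review bot: The `throw` inside the new `catch (Zend_Xml_Exception $e)` leaves queryXpath() while `libxml_use_internal_errors(true)` from the @@ -245 hunk is still in effect, because `libxml_clear_errors()` and the reset to `false` appear only after the switch (@@ -275 hunk); a rejected document would leave libxml error buffering switched on for whatever parses next in the same process. Restore the state before rethrowing and keep the cause attached: `libxml_clear_errors(); libxml_use_internal_errors(false);` and then `throw new Zend_Dom_Exception($e->getMessage(), 0, $e);`. With the global `libxml_disable_entity_loader()` calls removed in the @@ -245 and @@ -275 hunks, `Zend_Xml_Security::scan()` becomes the only DOCTYPE/entity guard and it is reached only for `DOC_XML`, so confirm that the `DOC_HTML` case and any branches after it never hand untrusted markup to `loadXML()`. The function body starts before and continues past this hunk, so the branches after `case self::DOC_HTML:` are not visible here.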