diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Feed/Reader.php
--- a/web/lib/Zend/Feed/Reader.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Feed/Reader.php Thu May 07 15:16:02 2015 +0200
@@ -14,9 +14,9 @@
 *
 * @category Zend
 * @package Zend_Feed_Reader
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Reader.php 25275 2013-03-06 09:55:33Z frosch $
+ * @version $Id$
 */
 
 /**
@@ -39,10 +39,16 @@
 */
 require_once 'Zend/Feed/Reader/FeedSet.php';
 
+/** @see Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
+
+/** @see Zend_Xml_Exception */
+require_once 'Zend/Xml/Exception.php';
+
 /**
 * @category Zend
 * @package Zend_Feed_Reader
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */
 class Zend_Feed_Reader
@@ -326,29 +332,23 @@
 }
 
 /**
- * Import a feed froma string
+ * Import a feed from a string
 *
 * @param string $string
 * @return Zend_Feed_Reader_FeedInterface
 */
 public static function importString($string)
 {
- $libxml_errflag = libxml_use_internal_errors(true);
- $oldValue = libxml_disable_entity_loader(true);
 $dom = new DOMDocument;
- $status = $dom->loadXML($string);
- foreach ($dom->childNodes as $child) {
- if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
- require_once 'Zend/Feed/Exception.php';
- throw new Zend_Feed_Exception(
- 'Invalid XML: Detected use of illegal DOCTYPE'
- );
- }
+ try {
+ $dom = Zend_Xml_Security::scan($string, $dom);
+ } catch (Zend_Xml_Exception $e) {
+ require_once 'Zend/Feed/Exception.php';
+ throw new Zend_Feed_Exception(
+ $e->getMessage()
+ );
 }
- libxml_disable_entity_loader($oldValue);
- libxml_use_internal_errors($libxml_errflag);
-
- if (!$status) {
+ if (!$dom) {
 // Build error message
 $error = libxml_get_last_error();
 if ($error && $error->message) {
@@ -455,20 +455,19 @@
 $dom = $feed;
 } elseif(is_string($feed) && !empty($feed)) {
 @ini_set('track_errors', 1);
- $oldValue = libxml_disable_entity_loader(true);
+ //$oldValue = libxml_disable_entity_loader(true);
 $dom = new DOMDocument;
- $status = @$dom->loadXML($feed);
- foreach ($dom->childNodes as $child) {
- if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
- require_once 'Zend/Feed/Exception.php';
- throw new Zend_Feed_Exception(
- 'Invalid XML: Detected use of illegal DOCTYPE'
- );
- }
+ try {
+ $dom = Zend_Xml_Security::scan($feed, $dom);
+ } catch (Zend_Xml_Exception $e) {
+ require_once 'Zend/Feed/Exception.php';
+ throw new Zend_Feed_Exception(
+ $e->getMessage()
+ );
 }
- libxml_disable_entity_loader($oldValue);
+ //libxml_disable_entity_loader($oldValue);
 @ini_restore('track_errors');
- if (!$status) {
+ if (!$dom) {
 if (!isset($php_errormsg)) {
 if (function_exists('xdebug_is_enabled')) {
 $php_errormsg = '(error message not available, when XDebug is running)';
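Review bot: In importString the new catch block rethrows with `throw new Zend_Feed_Exception($e->getMessage());`, which drops the original Zend_Xml_Exception, so a handler or log further up can no longer distinguish a document rejected by the scanner from an ordinary feed error. Zend_Exception takes a previous exception as its third constructor argument, so `throw new Zend_Feed_Exception($e->getMessage(), 0, $e);` keeps the cause attached; the identical rethrow in the `@@ -455,20 +455,19 @@` hunk needs the same change. The `if (!$dom)` branch also still reads `libxml_get_last_error()` although this hunk removes the local `libxml_use_internal_errors(true)` call; whether an error is buffered now depends on what Zend_Xml_Security::scan does, which is not shown here, so that path is worth a test with malformed input. importString continues past the end of the hunk.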
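Review bot: The `$php_errormsg` lookup under `if (!$dom)` in the `@@ -455,20 +455,19 @@` hunk looks dead after this change: PHP sets `$php_errormsg` only in the scope where the error was raised, and the parse now runs inside `Zend_Xml_Security::scan()` instead of the removed `@$dom->loadXML($feed)`, so the `!isset($php_errormsg)` fallback is presumably always taken and the caller never sees the parser's message. Either drop the `@ini_set('track_errors', 1)` / `@ini_restore('track_errors')` pair and build the message from `libxml_get_last_error()` as importString does, or document that the detail now arrives only through the rethrown exception. The two commented-out lines `//$oldValue = libxml_disable_entity_loader(true);` and `//libxml_disable_entity_loader($oldValue);` should be deleted rather than kept; as written they suggest the entity-loader guard was switched off rather than moved. The enclosing function starts and ends outside the hunk.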