diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Json.php --- a/web/lib/Zend/Json.php Thu May 07 15:10:09 2015 +0200 +++ b/web/lib/Zend/Json.php Thu May 07 15:16:02 2015 +0200 @@ -14,9 +14,9 @@ * * @category Zend * @package Zend_Json - * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) + * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) * @license http://framework.zend.com/license/new-bsd New BSD License - * @version $Id: Json.php 24593 2012-01-05 20:35:02Z matthew $ + * @version $Id$ */ /** @@ -26,6 +26,8 @@ */ require_once 'Zend/Json/Expr.php'; +/** @see Zend_Xml_Security */ +require_once 'Zend/Xml/Security.php'; /** * Class for encoding to and decoding from JSON. @@ -33,7 +35,7 @@ * @category Zend * @package Zend_Json * @uses Zend_Json_Expr - * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com) + * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) * @license http://framework.zend.com/license/new-bsd New BSD License */ class Zend_Json @@ -77,7 +79,9 @@ // php < 5.3 if (!function_exists('json_last_error')) { - if ($decode === $encodedValue) { + if (strtolower($encodedValue) === 'null') { + return null; + } elseif ($decode === null) { require_once 'Zend/Json/Exception.php'; throw new Zend_Json_Exception('Decoding failed'); } @@ -341,7 +345,7 @@ public static function fromXml($xmlStringContents, $ignoreXmlAttributes=true) { // Load the XML formatted string into a Simple XML Element object. - $simpleXmlElementObject = simplexml_load_string($xmlStringContents); + $simpleXmlElementObject = Zend_Xml_Security::scan($xmlStringContents); // If it is not a valid XML content, throw an exception. if ($simpleXmlElementObject == null) {