diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Search/Lucene/Document/OpenXml.php
--- a/web/lib/Zend/Search/Lucene/Document/OpenXml.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Search/Lucene/Document/OpenXml.php Thu May 07 15:16:02 2015 +0200
@@ -15,15 +15,17 @@
 * @category Zend
 * @package Zend_Search_Lucene
 * @subpackage Document
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: OpenXml.php 24593 2012-01-05 20:35:02Z matthew $
+ * @version $Id$
 */
 /** Zend_Search_Lucene_Document */
 require_once 'Zend/Search/Lucene/Document.php';
+/** Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
 /**
 * OpenXML document.
@@ -31,7 +33,7 @@
 * @category Zend
 * @package Zend_Search_Lucene
 * @subpackage Document
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */
 abstract class Zend_Search_Lucene_Document_OpenXml extends Zend_Search_Lucene_Document
@@ -83,11 +85,11 @@
 $coreProperties = array();
 // Read relations and search for core properties
- $relations = simplexml_load_string($package->getFromName("_rels/.rels"));
+ $relations = Zend_Xml_Security::scan($package->getFromName("_rels/.rels"));
 foreach ($relations->Relationship as $rel) {
 if ($rel["Type"] == Zend_Search_Lucene_Document_OpenXml::SCHEMA_COREPROPERTIES) {
 // Found core properties! Read in contents...
- $contents = simplexml_load_string(
+ $contents = Zend_Xml_Security::scan(
 $package->getFromName(dirname($rel["Target"]) . "/" . basename($rel["Target"]))
 );
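Review bot: In the third hunk the value returned by `Zend_Xml_Security::scan()` for `_rels/.rels` is dereferenced immediately in `foreach ($relations->Relationship as $rel)` with no check. As far as I know `scan()` returns `false` when the XML does not parse, and `getFromName()` returns `false` for a missing archive entry, so a malformed or truncated package leads to property access on a non-object instead of a clean rejection. A guard such as `if (!$relations instanceof SimpleXMLElement) { /* reject the package */ }` after the first call, and the same for `$contents` below it, would make the failure explicit. `scan()` also appears to signal a detected entity declaration by throwing, so the method's docblock should state that parsing an untrusted OpenXML file can now raise that exception. The enclosing method starts and ends outside this hunk, so any handling further down could not be checked.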