diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Translate/Adapter/Tmx.php
--- a/web/lib/Zend/Translate/Adapter/Tmx.php	Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Translate/Adapter/Tmx.php	Thu May 07 15:16:02 2015 +0200
@@ -14,8 +14,8 @@
  *
  * @category   Zend
  * @package    Zend_Translate
- * @copyright  Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
- * @version    $Id: Tmx.php 24649 2012-02-26 03:37:54Z adamlundrigan $
+ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @version    $Id$
  * @license    http://framework.zend.com/license/new-bsd     New BSD License
  */
 
@@ -26,11 +26,16 @@
 /** Zend_Translate_Adapter */
 require_once 'Zend/Translate/Adapter.php';
 
+/** @see Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
+
+/** @See Zend_Xml_Exception */
+require_once 'Zend/Xml/Exception.php';
 
 /**
  * @category   Zend
  * @package    Zend_Translate
- * @copyright  Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
  * @license    http://framework.zend.com/license/new-bsd     New BSD License
  */
 class Zend_Translate_Adapter_Tmx extends Zend_Translate_Adapter {
@@ -73,6 +78,15 @@
         xml_set_element_handler($this->_file, "_startElement", "_endElement");
         xml_set_character_data_handler($this->_file, "_contentElement");
 
+        try {
+            Zend_Xml_Security::scanFile($filename);
+        } catch (Zend_Xml_Exception $e) {
+            require_once 'Zend/Translate/Exception.php';
+            throw new Zend_Translate_Exception(
+                $e->getMessage()
+            );
+        }
+ 
         if (!xml_parse($this->_file, file_get_contents($filename))) {
             $ex = sprintf('XML error: %s at line %d of file %s',
                           xml_error_string(xml_get_error_code($this->_file)),