remove xxe checks for loadHML since it is apparenly no possible to exploit it

author: Bernhard Posselt <dev@bernhard-posselt.com> 2015-01-27 09:17:15 +0100
committer: Bernhard Posselt <dev@bernhard-posselt.com> 2015-01-27 09:17:15 +0100
commit: fe3969f3759998d3f567a6769535640be69ea1e9 (patch)
tree: 774efc15376860697c0648e49bf8066317b0d118 /articleenhancer/globalarticleenhancer.php
parent: 32ec52747b7f2e25df273471bc6be480aa2dcca9 (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/articleenhancer/globalarticleenhancer.php b/articleenhancer/globalarticleenhancer.php
index 1939ca41c..004d92a9f 100644
--- a/articleenhancer/globalarticleenhancer.php
+++ b/articleenhancer/globalarticleenhancer.php
@@ -13,7 +13,8 @@
 
 namespace OCA\News\ArticleEnhancer;
 
-use \ZendXml\Security;
+use DomDocument;
+use DOMXpath;
 
 use \OCA\News\Db\Item;
 
@@ -26,17 +27,15 @@ class GlobalArticleEnhancer implements ArticleEnhancer {
      */
     public function enhance(Item $item) {
 
-        $dom = new \DOMDocument();
+        $dom = new DOMDocument();
 
         // wrap it inside a div if there is none to prevent invalid wrapping
         // inside <p> tags
         $body = '<div>' . $item->getBody() . '</div>';
 
-        $isOk = Security::scanHtml(
-            $body, $dom, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
-        );
+        @$dom->loadHTML($body, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
 
-        $xpath = new \DOMXpath($dom);
+        $xpath = new DOMXpath($dom);
 
         // remove youtube autoplay
         // NOTE: PHP supports only XPath 1.0 so no matches() function :(
author	Bernhard Posselt <dev@bernhard-posselt.com>	2015-01-27 09:17:15 +0100
committer	Bernhard Posselt <dev@bernhard-posselt.com>	2015-01-27 09:17:15 +0100
commit	fe3969f3759998d3f567a6769535640be69ea1e9 (patch)
tree	774efc15376860697c0648e49bf8066317b0d118 /articleenhancer/globalarticleenhancer.php
parent	32ec52747b7f2e25df273471bc6be480aa2dcca9 (diff)