diff options
-rw-r--r-- | articleenhancer/globalarticleenhancer.php | 8 | ||||
-rw-r--r-- | tests/classloader.php | 1 |
2 files changed, 5 insertions, 4 deletions
diff --git a/articleenhancer/globalarticleenhancer.php b/articleenhancer/globalarticleenhancer.php index 7d8385db2..14f92182d 100644 --- a/articleenhancer/globalarticleenhancer.php +++ b/articleenhancer/globalarticleenhancer.php @@ -32,10 +32,10 @@ class GlobalArticleEnhancer implements ArticleEnhancer { // inside <p> tags $body = '<div>' . $item->getBody() . '</div>'; - $loadEntities = libxml_disable_entity_loader(true); - @$dom->loadHTML($body, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD - | LIBXML_NONET); - libxml_disable_entity_loader($loadEntities); + $dom = Security::scan($body, $dom, function ($xml, $dom) { + return @$dom->loadHTML($xml, LIBXML_HTML_NOIMPLIED + | LIBXML_HTML_NODEFDTD | LIBXML_NONET); + }); $xpath = new \DOMXpath($dom); diff --git a/tests/classloader.php b/tests/classloader.php index fc133eaf5..ef3849849 100644 --- a/tests/classloader.php +++ b/tests/classloader.php @@ -11,6 +11,7 @@ * @copyright Bernhard Posselt 2012, 2014 */ +require_once __DIR__ . '/../3rdparty/ZendXml/vendor/autoload.php'; require_once __DIR__ . '/../3rdparty/simplepie/autoloader.php'; require_once __DIR__ . '/../../../tests/lib/appframework/db/mappertestutility.php'; |