From f8e11569ef99fa1daf15a337a4d0f0d0fcc51742 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Sat, 4 Oct 2014 11:12:59 +0200
Subject: zendxml for global enhancer
---
 articleenhancer/globalarticleenhancer.php | 8 ++++----
 tests/classloader.php | 1 +
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/articleenhancer/globalarticleenhancer.php b/articleenhancer/globalarticleenhancer.php
index 7d8385db2..14f92182d 100644
--- a/articleenhancer/globalarticleenhancer.php
+++ b/articleenhancer/globalarticleenhancer.php
@@ -32,10 +32,10 @@ class GlobalArticleEnhancer implements ArticleEnhancer {
 // inside

tags $body = '

' . $item->getBody() . '
';
- $loadEntities = libxml_disable_entity_loader(true);
- @$dom->loadHTML($body, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
- | LIBXML_NONET);
- libxml_disable_entity_loader($loadEntities);
+ $dom = Security::scan($body, $dom, function ($xml, $dom) {
+ return @$dom->loadHTML($xml, LIBXML_HTML_NOIMPLIED
+ | LIBXML_HTML_NODEFDTD | LIBXML_NONET);
+ });
 $xpath = new \DOMXpath($dom);
diff --git a/tests/classloader.php b/tests/classloader.php
index fc133eaf5..ef3849849 100644
--- a/tests/classloader.php
+++ b/tests/classloader.php
@@ -11,6 +11,7 @@
 * @copyright Bernhard Posselt 2012, 2014
 */
+require_once __DIR__ . '/../3rdparty/ZendXml/vendor/autoload.php';
 require_once __DIR__ . '/../3rdparty/simplepie/autoloader.php';
 require_once __DIR__ . '/../../../tests/lib/appframework/db/mappertestutility.php';
-- cgit v1.2.3
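Review bot: The value returned by `Security::scan()` in the globalarticleenhancer.php hunk is assigned to `$dom` and passed straight to `new \DOMXpath($dom)` with no check in between. Upstream ZendXml's `scan()` returns `false` when the load fails and throws a `RuntimeException` when it detects an entity declaration; if the vendored copy under `3rdparty/ZendXml` keeps that contract, one malformed or hostile item body would stop the enhancer instead of being skipped. I would keep the scan result in its own variable and guard it, `if (!($scanned instanceof \DOMDocument)) { /* leave this item's body unchanged */ }`, with the call wrapped in a `try`/`catch` for the scanner's exception. The enclosing method begins and ends outside the hunk, and the diffstat shows no other change to this file, so it is worth confirming that `Security` is already imported there and that the ZendXml autoloader is registered outside `tests/classloader.php` as well.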