From 9c5bd1784ccfff00c8031ff03446b4ad7c5131be Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <dev@bernhard-posselt.com>
Date: Sat, 4 Oct 2014 11:14:59 +0200
Subject: zendxml for faviconfetcher

---
 utility/faviconfetcher.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'utility')

diff --git a/utility/faviconfetcher.php b/utility/faviconfetcher.php
index a4ae54a6e..e05a76319 100644
--- a/utility/faviconfetcher.php
+++ b/utility/faviconfetcher.php
@@ -78,14 +78,14 @@ class FaviconFetcher {
 
         /** @noinspection PhpUndefinedFieldInspection */
         if($file->body !== '') {
-			$document = new \DOMDocument();
-            /** @noinspection PhpUndefinedFieldInspection */
-            $loadEntities = libxml_disable_entity_loader(true);
-            @$document->loadHTML($file->body, LIBXML_NONET);
-            libxml_disable_entity_loader($loadEntities);
-
-			if($document) {
-				$xpath = new \DOMXpath($document);
+			$dom = new \DOMDocument();
+
+			$dom = Security::scan($file->body, $dom, function ($xml, $dom) {
+				return @$dom->loadHTML($xml, LIBXML_NONET);
+			});
+
+			if($dom) {
+				$xpath = new \DOMXpath($dom);
 				$elements = $xpath->query("//link[contains(@rel, 'icon')]");
 
 				if ($elements->length > 0) {
-- 
cgit v1.2.3