force enabling the external XML entity loaders

xabbuh · xabbuh · commit ceed3cad0644 · 2016-06-11T12:13:28.000+02:00
diff --git a/Loader/XliffFileLoader.php b/Loader/XliffFileLoader.php
@@ -143,10 +143,16 @@ private function parseFile($file)
         $source = file_get_contents(__DIR__.'/schema/dic/xliff-core/xliff-core-1.2-strict.xsd');
         $source = str_replace('http://www.w3.org/2001/xml.xsd', $location, $source);
 
+        $disableEntities = libxml_disable_entity_loader(false);
+
         if (!@$dom->schemaValidateSource($source)) {
+            libxml_disable_entity_loader($disableEntities);
+
             throw new InvalidResourceException(sprintf('Invalid resource provided: "%s"; Errors: %s', $file, implode("\n", $this->getXmlErrors($internalErrors))));
         }
 
+        libxml_disable_entity_loader($disableEntities);
+
         $dom->normalizeDocument();
 
         libxml_clear_errors();
diff --git a/Tests/Loader/XliffFileLoaderTest.php b/Tests/Loader/XliffFileLoaderTest.php
@@ -46,6 +46,20 @@ public function testLoadWithInternalErrorsEnabled()
         libxml_use_internal_errors($internalErrors);
     }
 
+    public function testLoadWithExternalEntitiesDisabled()
+    {
+        $disableEntities = libxml_disable_entity_loader(true);
+
+        $loader = new XliffFileLoader();
+        $resource = __DIR__.'/../fixtures/resources.xlf';
+        $catalogue = $loader->load($resource, 'en', 'domain1');
+
+        libxml_disable_entity_loader($disableEntities);
+
+        $this->assertEquals('en', $catalogue->getLocale());
+        $this->assertEquals(array(new FileResource($resource)), $catalogue->getResources());
+    }
+
     public function testLoadWithResname()
     {
         $loader = new XliffFileLoader();
