More libxml_disable_entity_loader

ryanbrainard · ryanbrainard · commit be9b2e251f1b · 2016-05-26T22:54:23.000+09:00
diff --git a/workbench/bulkclient/BatchInfo.php b/workbench/bulkclient/BatchInfo.php
@@ -51,7 +51,12 @@ class BatchInfo {
     private $xml;
 
     public function __construct($xml) {
-        $this->xml = new SimpleXMLElement($xml);
+        try {
+            libxml_disable_entity_loader(true);
+            $this->xml = new SimpleXMLElement(disallowDoctype($xml));
+        } finally {
+            libxml_disable_entity_loader(false);
+        }
 
         if ($this->getExceptionCode() != "") {
             throw new Exception($this->getExceptionCode() . ": " . $this->getExceptionMessage());
diff --git a/workbench/bulkclient/BulkApiClient.php b/workbench/bulkclient/BulkApiClient.php
@@ -280,7 +280,13 @@ public function getBatchInfo($jobId, $batchId) {
     public function getBatchInfos($jobId) {
         $batchInfos = array();
 
-        $batchInfoList = new SimpleXMLElement($this->get($this->url(array(self::JOB, $jobId, self::BATCH))));
+        try {
+            libxml_disable_entity_loader(true);
+            $batchInfoList = new SimpleXMLElement(disallowDoctype($this->get($this->url(array(self::JOB, $jobId, self::BATCH)))));
+        } finally {
+            libxml_disable_entity_loader(false);
+        }
+        
         foreach ($batchInfoList as $batchInfoListItem) {
             $batchInfos["$batchInfoListItem->id"] = new BatchInfo($batchInfoListItem->asXml());
         }
diff --git a/workbench/bulkclient/JobInfo.php b/workbench/bulkclient/JobInfo.php
@@ -39,7 +39,12 @@ class JobInfo {
 
     public function __construct($xml = null) {
         if ($xml != null) {
-            $this->xml = new SimpleXMLElement($xml);
+            try {
+                libxml_disable_entity_loader(true);
+                $this->xml = new SimpleXMLElement(disallowDoctype($xml));
+            } finally {
+                libxml_disable_entity_loader(false);
+            }
         } else {
             $this->xml = new SimpleXMLElement("<jobInfo xmlns=\"http://www.force.com/2009/06/asyncapi/dataload\"/>");
 
diff --git a/workbench/shared.php b/workbench/shared.php
@@ -643,9 +643,12 @@ function in_arrayi($needle, $haystack) {
  */
 function prettyPrintXml($xml, $htmlOutput=FALSE) {
     try {
-        $xmlObj = new SimpleXMLElement($xml);
+        libxml_disable_entity_loader(true);
+        $xmlObj = new SimpleXMLElement(disallowDoctype($xml));
     } catch (Exception $e) {
         return $xml;
+    } finally {
+        libxml_disable_entity_loader(false);
     }
 
     $xmlLines = explode("
