s7ntech
diff --git a/‎src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
Lines changed: 6 additions & 0 deletions b/‎src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Routing/Loader/XmlFileLoader.php
Lines changed: 6 additions & 0 deletions b/‎src/Symfony/Component/Routing/Loader/XmlFileLoader.php
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Translation/Loader/XliffFileLoader.php
Lines changed: 8 additions & 0 deletions b/‎src/Symfony/Component/Translation/Loader/XliffFileLoader.php
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Validator/Mapping/Loader/XmlFileLoader.php
Lines changed: 6 additions & 0 deletions b/‎src/Symfony/Component/Validator/Mapping/Loader/XmlFileLoader.php
Lines changed: 6 additions & 0 deletions
diff --git a/‎tests/Symfony/Tests/Component/DependencyInjection/Fixtures/xml/withdoctype.xml
Lines changed: 3 additions & 0 deletions b/‎tests/Symfony/Tests/Component/DependencyInjection/Fixtures/xml/withdoctype.xml
Lines changed: 3 additions & 0 deletions
diff --git a/‎tests/Symfony/Tests/Component/DependencyInjection/Loader/XmlFileLoaderTest.php
Lines changed: 12 additions & 0 deletions b/‎tests/Symfony/Tests/Component/DependencyInjection/Loader/XmlFileLoaderTest.php
Lines changed: 12 additions & 0 deletions
diff --git a/‎tests/Symfony/Tests/Component/Routing/Fixtures/withdoctype.xml
Lines changed: 3 additions & 0 deletions b/‎tests/Symfony/Tests/Component/Routing/Fixtures/withdoctype.xml
Lines changed: 3 additions & 0 deletions
diff --git a/‎tests/Symfony/Tests/Component/Routing/Loader/XmlFileLoaderTest.php
Lines changed: 10 additions & 0 deletions b/‎tests/Symfony/Tests/Component/Routing/Loader/XmlFileLoaderTest.php
Lines changed: 10 additions & 0 deletions
diff --git a/‎tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php
Lines changed: 10 additions & 0 deletions b/‎tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php
Lines changed: 10 additions & 0 deletions
diff --git a/‎tests/Symfony/Tests/Component/Translation/fixtures/withdoctype.xliff
Lines changed: 12 additions & 0 deletions b/‎tests/Symfony/Tests/Component/Translation/fixtures/withdoctype.xliff
Lines changed: 12 additions & 0 deletions
@@ -223,6 +223,12 @@ private function parseFile($file)
 
         libxml_use_internal_errors($internalErrors);
 
+        foreach ($dom->childNodes as $child) {
+            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                throw new \InvalidArgumentException('Document types are not allowed.');
+            }
+        }
+
         $this->validate($dom, $file);
 
         return simplexml_import_dom($dom, 'Symfony\\Component\\DependencyInjection\\SimpleXMLElement');
 
@@ -162,6 +162,12 @@ protected function loadFile($file)
 
         libxml_use_internal_errors($internalErrors);
 
+        foreach ($dom->childNodes as $child) {
+            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                throw new \InvalidArgumentException('Document types are not allowed.');
+            }
+        }
+
         $this->validate($dom);
 
         return $dom;
 
@@ -64,6 +64,14 @@ private function parseFile($file)
             throw new \RuntimeException(implode("\n", $this->getXmlErrors($internalErrors)));
         }
 
+        foreach ($dom->childNodes as $child) {
+            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                libxml_use_internal_errors($internalErrors);
+
+                throw new \RuntimeException('Document types are not allowed.');
+            }
+        }
+
         $location = str_replace('\\', '/', __DIR__).'/schema/dic/xliff-core/xml.xsd';
         $parts = explode('/', $location);
         if (0 === stripos($location, 'phar://')) {
 
@@ -195,6 +195,12 @@ protected function parseFile($file)
 
         libxml_use_internal_errors($internalErrors);
 
+        foreach ($dom->childNodes as $child) {
+            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                throw new MappingException('Document types are not allowed.');
+            }
+        }
+
         return simplexml_import_dom($dom);
     }
 
 
@@ -0,0 +1,3 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo>
+<foo></foo>
@@ -310,4 +310,16 @@ public function testNoNamingConflictsForAnonymousServices()
         $inner2 = $services[(string) $args2[0]];
         $this->assertEquals('BarClass2', $inner2->getClass(), '->load() uses the same configuration as for the anonymous ones');
     }
+
+    /**
+     * @expectedException \InvalidArgumentException
+     * @expectedExceptionMessage Document types are not allowed.
+     */
+    public function testDocTypeIsNotAllowed()
+    {
+        $container = new ContainerBuilder();
+
+        $loader1 = new XmlFileLoader($container, new FileLocator(self::$fixturesPath.'/xml'));
+        $loader1->load('withdoctype.xml');
+    }
 }
@@ -0,0 +1,3 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo>
+<foo></foo>
@@ -75,6 +75,16 @@ public function getPathsToInvalidFiles()
     {
         return array(array('nonvalidnode.xml'), array('nonvalidroute.xml'), array('nonvalid.xml'));
     }
+
+    /**
+     * @expectedException \InvalidArgumentException
+     * @expectedExceptionMessage Document types are not allowed.
+     */
+    public function testDocTypeIsNotAllowed()
+    {
+        $loader = new XmlFileLoader(new FileLocator(array(__DIR__.'/../Fixtures')));
+        $loader->load('withdoctype.xml');
+    }
 }
 
 /**
 
@@ -54,4 +54,14 @@ public function testLoadThrowsAnExceptionIfFileNotLocal()
         $resource = 'http://example.com/resources.xliff';
         $loader->load($resource, 'en', 'domain1');
     }
+
+    /**
+     * @expectedException        \RuntimeException
+     * @expectedExceptionMessage Document types are not allowed.
+     */
+    public function testDocTypeIsNotAllowed()
+    {
+        $loader = new XliffFileLoader();
+        $loader->load(__DIR__.'/../fixtures/withdoctype.xliff', 'en', 'domain1');
+    }
 }
@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+    <file source-language="en" datatype="plaintext" original="file.ext">
+        <body>
+            <trans-unit id="1">
+                <source>foo</source>
+                <target>bar</target>
+            </trans-unit>
+        </body>
+    </file>
+</xliff>
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+<?xml version="1.0"?>`
	`2`	`+<!DOCTYPE foo>`
	`3`	`+<foo></foo>`
Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,16 @@ public function getPathsToInvalidFiles()`
`75`	`75`	`{`
`76`	`76`	`return array(array('nonvalidnode.xml'), array('nonvalidroute.xml'), array('nonvalid.xml'));`
`77`	`77`	`}`
	`78`	`+`
	`79`	`+ /**`
	`80`	`+ * @expectedException \InvalidArgumentException`
	`81`	`+ * @expectedExceptionMessage Document types are not allowed.`
	`82`	`+ */`
	`83`	`+ public function testDocTypeIsNotAllowed()`
	`84`	`+ {`
	`85`	`+ $loader = new XmlFileLoader(new FileLocator(array(__DIR__.'/../Fixtures')));`
	`86`	`+ $loader->load('withdoctype.xml');`
	`87`	`+ }`
`78`	`88`	`}`
`79`	`89`
`80`	`90`	`/**`