
prevents injection of malicious doc types

Fabien Potencier 12 năm trước cách đây
mục cha
commit
4e0c99211d

+ 6 - 0
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php

@@ -223,6 +223,12 @@ class XmlFileLoader extends FileLoader
 
         libxml_use_internal_errors($internalErrors);
 
+        foreach ($dom->childNodes as $child) {
+            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                throw new \InvalidArgumentException('Document types are not allowed.');
+            }
+        }
+
         $this->validate($dom, $file);
 
         return simplexml_import_dom($dom, 'Symfony\\Component\\DependencyInjection\\SimpleXMLElement');
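Review bot: The DOCTYPE check in the added `foreach` runs after the document has already been parsed into `$dom` (the load call is above the hunk), so whatever DTD processing libxml does during that parse — internal entity declarations, and an external subset fetch if the load flags allow it — has already happened by the time the loop rejects the file; the guard keeps doctype-bearing files out of `validate()` and the container, it does not make the parse itself safer. If parse-time behaviour also matters, the load call outside this hunk is where flags such as `LIBXML_NONET` would belong, and that should be confirmed against the full method. The loop can also be reduced to the property DOMDocument already exposes: `if (null !== $dom->doctype) { throw new \InvalidArgumentException('Document types are not allowed.'); }`. Both points apply equally to the Routing and Validator loader hunks below, which add the same loop. The enclosing method starts before and the load call sits outside this hunk.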

+ 6 - 0
src/Symfony/Component/Routing/Loader/XmlFileLoader.php

@@ -162,6 +162,12 @@ class XmlFileLoader extends FileLoader
 
         libxml_use_internal_errors($internalErrors);
 
+        foreach ($dom->childNodes as $child) {
+            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                throw new \InvalidArgumentException('Document types are not allowed.');
+            }
+        }
+
         $this->validate($dom);
 
         return $dom;

+ 8 - 0
src/Symfony/Component/Translation/Loader/XliffFileLoader.php

@@ -64,6 +64,14 @@ class XliffFileLoader implements LoaderInterface
             throw new \RuntimeException(implode("\n", $this->getXmlErrors($internalErrors)));
         }
 
+        foreach ($dom->childNodes as $child) {
+            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                libxml_use_internal_errors($internalErrors);
+
+                throw new \RuntimeException('Document types are not allowed.');
+            }
+        }
+
         $location = str_replace('\\', '/', __DIR__).'/schema/dic/xliff-core/xml.xsd';
         $parts = explode('/', $location);
         if (0 === stripos($location, 'phar://')) {
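Review bot: The added loop iterates every child node only to find a document-type node, which `DOMDocument::$doctype` already yields directly; the restore-then-throw can be kept as is: `if (null !== $dom->doctype) { libxml_use_internal_errors($internalErrors); throw new \RuntimeException('Document types are not allowed.'); }`. Restoring `libxml_use_internal_errors` before throwing is the right call here because it is still switched on at this point, matching the error path at the top of the hunk. As in the other loaders, this check is post-parse, so it rejects the file rather than preventing DTD processing during `load()`; the load call and the rest of the method are outside the hunk.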

+ 6 - 0
src/Symfony/Component/Validator/Mapping/Loader/XmlFileLoader.php

@@ -195,6 +195,12 @@ class XmlFileLoader extends FileLoader
 
         libxml_use_internal_errors($internalErrors);
 
+        foreach ($dom->childNodes as $child) {
+            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+                throw new MappingException('Document types are not allowed.');
+            }
+        }
+
         return simplexml_import_dom($dom);
     }
 

+ 3 - 0
tests/Symfony/Tests/Component/DependencyInjection/Fixtures/xml/withdoctype.xml

@@ -0,0 +1,3 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo>
+<foo></foo>

+ 12 - 0
tests/Symfony/Tests/Component/DependencyInjection/Loader/XmlFileLoaderTest.php

@@ -310,4 +310,16 @@ class XmlFileLoaderTest extends \PHPUnit_Framework_TestCase
         $inner2 = $services[(string) $args2[0]];
         $this->assertEquals('BarClass2', $inner2->getClass(), '->load() uses the same configuration as for the anonymous ones');
     }
+
+    /**
+     * @expectedException \InvalidArgumentException
+     * @expectedExceptionMessage Document types are not allowed.
+     */
+    public function testDocTypeIsNotAllowed()
+    {
+        $container = new ContainerBuilder();
+
+        $loader1 = new XmlFileLoader($container, new FileLocator(self::$fixturesPath.'/xml'));
+        $loader1->load('withdoctype.xml');
+    }
 }

+ 3 - 0
tests/Symfony/Tests/Component/Routing/Fixtures/withdoctype.xml

@@ -0,0 +1,3 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo>
+<foo></foo>

+ 10 - 0
tests/Symfony/Tests/Component/Routing/Loader/XmlFileLoaderTest.php

@@ -75,6 +75,16 @@ class XmlFileLoaderTest extends \PHPUnit_Framework_TestCase
     {
         return array(array('nonvalidnode.xml'), array('nonvalidroute.xml'), array('nonvalid.xml'));
     }
+
+    /**
+     * @expectedException \InvalidArgumentException
+     * @expectedExceptionMessage Document types are not allowed.
+     */
+    public function testDocTypeIsNotAllowed()
+    {
+        $loader = new XmlFileLoader(new FileLocator(array(__DIR__.'/../Fixtures')));
+        $loader->load('withdoctype.xml');
+    }
 }
 
 /**

+ 10 - 0
tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php

@@ -54,4 +54,14 @@ class XliffFileLoaderTest extends \PHPUnit_Framework_TestCase
         $resource = 'http://example.com/resources.xliff';
         $loader->load($resource, 'en', 'domain1');
     }
+
+    /**
+     * @expectedException        \RuntimeException
+     * @expectedExceptionMessage Document types are not allowed.
+     */
+    public function testDocTypeIsNotAllowed()
+    {
+        $loader = new XliffFileLoader();
+        $loader->load(__DIR__.'/../fixtures/withdoctype.xliff', 'en', 'domain1');
+    }
 }

+ 12 - 0
tests/Symfony/Tests/Component/Translation/fixtures/withdoctype.xliff

@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo>
+<xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+    <file source-language="en" datatype="plaintext" original="file.ext">
+        <body>
+            <trans-unit id="1">
+                <source>foo</source>
+                <target>bar</target>
+            </trans-unit>
+        </body>
+    </file>
+</xliff>

+ 12 - 0
tests/Symfony/Tests/Component/Validator/Mapping/Loader/XmlFileLoaderTest.php

@@ -71,4 +71,16 @@ class XmlFileLoaderTest extends \PHPUnit_Framework_TestCase
 
         $this->assertEquals($expected, $metadata);
     }
+
+    /**
+     * @expectedException        Symfony\Component\Validator\Exception\MappingException
+     * @expectedExceptionMessage Document types are not allowed.
+     */
+    public function testDocTypeIsNotAllowed()
+    {
+        $loader = new XmlFileLoader(__DIR__.'/withdoctype.xml');
+        $metadata = new ClassMetadata('Symfony\Tests\Component\Validator\Fixtures\Entity');
+
+        $loader->loadClassMetadata($metadata);
+    }
 }

+ 7 - 0
tests/Symfony/Tests/Component/Validator/Mapping/Loader/withdoctype.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo>
+<constraint-mapping xmlns="http://symfony.com/schema/dic/constraint-mapping"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://symfony.com/schema/dic/constraint-mapping http://symfony.com/schema/dic/services/constraint-mapping-1.0.xsd">
+  <class name="Symfony\Tests\Component\Validator\Fixtures\Entity" />
+</constraint-mapping>