From 4ff9294af0ce24d40aec58ef39b1550732586bd8 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Mon, 27 Aug 2012 19:10:00 +0200
Subject: [PATCH] prevents injection of malicious doc types
---
 Loader/XmlFileLoader.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Loader/XmlFileLoader.php b/Loader/XmlFileLoader.php
index 6cca9e40..bfe6d62f 100644
--- a/Loader/XmlFileLoader.php
+++ b/Loader/XmlFileLoader.php
@@ -162,6 +162,12 @@ protected function loadFile($file)
 libxml_use_internal_errors($internalErrors);
+ foreach ($dom->childNodes as $child) {
+ if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+ throw new \InvalidArgumentException('Document types are not allowed.');
+ }
+ }
+
 $this->validate($dom);
 return $dom;
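Review bot: The DOCTYPE check in the added `foreach` runs on `$dom` after it has already been parsed, so it rejects the document but cannot undo anything libxml did with the DTD while loading (entity expansion, external subset or entity fetches). The load call sits above the hunk and is not visible here, so this is something to confirm rather than a finding: it should parse with `LIBXML_NONET`, without `LIBXML_NOENT`/`LIBXML_DTDLOAD`, and on PHP versions before 8.0 with `libxml_disable_entity_loader(true)` in effect. I would add a comment above the loop such as `// Reject DOCTYPE after parsing; the load above must not resolve entities or fetch external DTDs.` The exception would also be easier to act on if it named the file, e.g. `sprintf('Document types are not allowed in "%s".', $file)`, and the diffstat shows no test with a DOCTYPE fixture accompanying the change.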