From 85542df47902fad02e9d31c14a9a2d2f16f88df3 Mon Sep 17 00:00:00 2001
From: Andreas Fernandez <a.fernandez@scripting-base.de>
Date: Thu, 10 Mar 2016 14:10:12 +0100
Subject: [PATCH] [BUGFIX] Load XML files of t3editor properly

Since the XEE security fix (I26701fc2ffb5aed7ccbd96c168aef571d012091e),
the XML files in the t3editor are not loaded anymore. Change the way how
the files are loaded to fix the issue.

Change-Id: I26c622e47ee0f791b998886837f4443f5bddf11b
Resolves: #74508
Releases: master, 7.6, 6.2
Reviewed-on: https://review.typo3.org/47173
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
---
 typo3/sysext/t3editor/Classes/TypoScriptReferenceLoader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/typo3/sysext/t3editor/Classes/TypoScriptReferenceLoader.php b/typo3/sysext/t3editor/Classes/TypoScriptReferenceLoader.php
index 7948aa00029e..cbf149439236 100644
--- a/typo3/sysext/t3editor/Classes/TypoScriptReferenceLoader.php
+++ b/typo3/sysext/t3editor/Classes/TypoScriptReferenceLoader.php
@@ -78,7 +78,7 @@ class TypoScriptReferenceLoader
         // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
         $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
         $this->xmlDoc = new \DOMDocument('1.0', 'utf-8');
-        $this->xmlDoc->load($filepath);
+        $this->xmlDoc->loadXML(file_get_contents($filepath));
         libxml_disable_entity_loader($previousValueOfEntityLoader);
         // @TODO: oliver@typo3.org: I guess this is not required here
         $this->xmlDoc->saveXML();
-- 
GitLab