From b6f01983a9467454013d2b504349a518db6b2f00 Mon Sep 17 00:00:00 2001
From: Hugh Davenport <hugh@catalyst.net.nz>
Date: Fri, 7 Sep 2012 12:04:45 +1200
Subject: [PATCH 1/2] Fix XML Security bug

diff --git a/htdocs/blocktype/externalfeed/db/upgrade.php b/htdocs/blocktype/externalfeed/db/upgrade.php
index 8415c7d..a52c151 100644
--- a/htdocs/blocktype/externalfeed/db/upgrade.php
+++ b/htdocs/blocktype/externalfeed/db/upgrade.php
@@ -61,6 +61,13 @@ function xmldb_blocktype_externalfeed_upgrade($oldversion=0) {
         }
     }
 
+    if ($oldversion < 2009121601) {
+        // Reset all feeds to reset themselves
+        set_field('blocktype_externalfeed_data', 'lastupdate', db_format_timestamp('0'));
+        safe_require('blocktype', 'externalfeed');
+        call_static_method('PluginBlocktypeExternalfeed', 'refresh_feeds');
+    }
+
     return true;
 }
 
diff --git a/htdocs/blocktype/externalfeed/version.php b/htdocs/blocktype/externalfeed/version.php
index 9e1f925..4a2da30 100644
--- a/htdocs/blocktype/externalfeed/version.php
+++ b/htdocs/blocktype/externalfeed/version.php
@@ -28,7 +28,7 @@
 defined('INTERNAL') || die();
 
 $config = new StdClass;
-$config->version = 2009121600;
+$config->version = 2009121601;
 $config->release = '1.0.2';
 
 ?>
diff --git a/htdocs/init.php b/htdocs/init.php
index 02a1dd8..7601a67 100644
--- a/htdocs/init.php
+++ b/htdocs/init.php
@@ -58,6 +58,10 @@ if (!is_readable($CFG->docroot . 'config.php')) {
 
 init_performance_info();
 
+if (function_exists('libxml_disable_entity_loader')) {
+    libxml_disable_entity_loader(true); 
+}
+
 require($CFG->docroot . 'config.php');
 $CFG = (object)array_merge((array)$cfg, (array)$CFG);
 require_once('config-defaults.php');