diff -urN XML-Atom-0.38/lib/XML/Atom/Client.pm XML-Atom-0.39/lib/XML/Atom/Client.pm --- XML-Atom-0.38/lib/XML/Atom/Client.pm 2009-04-24 09:34:23.000000000 +0100 +++ XML-Atom-0.39/lib/XML/Atom/Client.pm 2011-06-08 21:18:10.000000000 +0100 @@ -188,7 +188,7 @@ if ($client->use_soap && (my $xml = $res->content)) { my $doc; if (LIBXML) { - my $parser = XML::LibXML->new; + my $parser = $client->libxml_parser; $doc = $parser->parse_string($xml); } else { my $xp = XML::XPath->new(xml => $xml); @@ -218,6 +218,8 @@ } } +sub libxml_parser { XML::Atom->libxml_parser } + package LWP::UserAgent::AtomClient; use strict; use Scalar::Util; diff -urN XML-Atom-0.38/lib/XML/Atom/Content.pm XML-Atom-0.39/lib/XML/Atom/Content.pm --- XML-Atom-0.38/lib/XML/Atom/Content.pm 2011-05-23 03:54:10.000000000 +0100 +++ XML-Atom-0.39/lib/XML/Atom/Content.pm 2011-06-08 23:04:54.000000000 +0100 @@ -54,11 +54,12 @@ my $node; eval { if (LIBXML) { - my $parser = XML::LibXML->new; + my $parser = XML::Atom->libxml_parser; my $tree = $parser->parse_string($copy); $node = $tree->getDocumentElement; } else { - my $xp = XML::XPath->new(xml => $copy); + my $parser = XML::Atom->expat_parser; + my $xp = XML::XPath->new(xml => $copy, parser => $parser); $node = (($xp->find('/')->get_nodelist)[0]->getChildNodes)[0] if $xp; } diff -urN XML-Atom-0.38/lib/XML/Atom/Server.pm XML-Atom-0.39/lib/XML/Atom/Server.pm --- XML-Atom-0.38/lib/XML/Atom/Server.pm 2009-04-24 09:34:23.000000000 +0100 +++ XML-Atom-0.39/lib/XML/Atom/Server.pm 2011-06-08 21:18:10.000000000 +0100 @@ -284,7 +284,7 @@ my $server = shift; unless (exists $server->{xml_body}) { if (LIBXML) { - my $parser = XML::LibXML->new; + my $parser = $server->libxml_parser; $server->{xml_body} = $parser->parse_string($server->request_content); } else { @@ -309,6 +309,8 @@ $atom; } +sub libxml_parser { XML::Atom->libxml_parser } + 1; __END__ diff -urN XML-Atom-0.38/lib/XML/Atom/Thing.pm XML-Atom-0.39/lib/XML/Atom/Thing.pm --- XML-Atom-0.38/lib/XML/Atom/Thing.pm 2009-04-24 09:34:23.000000000 +0100 +++ XML-Atom-0.39/lib/XML/Atom/Thing.pm 2011-06-08 23:04:54.000000000 +0100 @@ -22,7 +22,7 @@ my $atom = shift; my %param = @_ == 1 ? (Stream => $_[0]) : @_; if (my $stream = delete $param{Stream}) { - my $parser = XML::LibXML->new; + my $parser = delete $param{Parser} || XML::Atom->libxml_parser; my $doc; if (ref($stream) eq 'SCALAR') { $doc = $parser->parse_string($$stream); @@ -50,13 +50,14 @@ my %param = @_ == 1 ? (Stream => $_[0]) : @_; my $elem_name = $atom->element_name; if (my $stream = delete $param{Stream}) { + my $parser = delete $param{Parser} || XML::Atom->expat_parser; my $xp; if (ref($stream) eq 'SCALAR') { - $xp = XML::XPath->new(xml => $$stream); + $xp = XML::XPath->new(xml => $$stream, parser => $parser); } elsif (ref($stream)) { - $xp = XML::XPath->new(ioref => $stream); + $xp = XML::XPath->new(ioref => $stream, parser => $parser); } else { - $xp = XML::XPath->new(filename => $stream); + $xp = XML::XPath->new(filename => $stream, parser => $parser); } my $set = $xp->find('/' . $elem_name); unless ($set && $set->size) { diff -urN XML-Atom-0.38/lib/XML/Atom.pm XML-Atom-0.39/lib/XML/Atom.pm --- XML-Atom-0.38/lib/XML/Atom.pm 2011-05-23 03:56:26.000000000 +0100 +++ XML-Atom-0.39/lib/XML/Atom.pm 2011-06-21 05:06:02.000000000 +0100 @@ -35,6 +35,26 @@ $XML::Atom::DefaultVersion = 0.3; } +sub libxml_parser { + ## uses old XML::LibXML < 1.70 interface for compat reasons + return XML::LibXML->new( + #no_network => 1, # v1.63+ + expand_xinclude => 0, + expand_entities => 1, + load_ext_dtd => 0, + ext_ent_handler => sub { warn "External entities disabled."; '' }, + ); +} + +sub expat_parser { + return XML::Parser->new( + Handlers => { + ExternEnt => sub { warn "External Entities disabled."; '' }, + ExternEntFin => sub {}, + }, + ); +} + use base qw( XML::Atom::ErrorHandler Exporter ); package XML::Atom::Namespace;