zendframework · froschdesign · Mar 7, 2014 · Mar 7, 2014 · weierophinney · Mar 7, 2014
diff --git a/library/Zend/Xml/Security.php b/library/Zend/Xml/Security.php
@@ -44,6 +44,21 @@ protected static function heuristicScan($xml)
         }
     }
 
+    /**
+     * @param integer $errno
+     * @param string $errstr
+     * @param string $errfile
+     * @param integer $errline
+     * @return bool
+     */
+    protected static function _loadXmlErrorHandler($errno, $errstr, $errfile, $errline)
+    {
+        if (substr_count($errstr, 'DOMDocument::loadXML()') > 0) {
+            return true;
+        }
+        return false;
+    }
+
     /**
      * Scan XML string for potential XXE and XEE attacks
      *
@@ -73,12 +88,8 @@ public static function scan($xml, DOMDocument $dom = null)
 
         // Load XML with network access disabled (LIBXML_NONET)
         // error disabled with @ for PHP-FPM scenario
-        set_error_handler(function ($errno, $errstr) {
-            if (substr_count($errstr, 'DOMDocument::loadXML()') > 0) {
-                return true;
-            }
-            return false;
-        }, E_WARNING);
+        set_error_handler(array('Zend_Xml_Security', '_loadXmlErrorHandler'), E_WARNING);
+
         $result = $dom->loadXml($xml, LIBXML_NONET);
         restore_error_handler();