From 5f32b43e040d7d5aee56dd2c160b22f9610187f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?T=C3=B5nis=20Ormisson?= <tonis@andmemasin.eu>
Date: Tue, 24 Apr 2018 12:21:11 +0300
Subject: [PATCH] Fixed issue #13628: Unable to import responses from archive -
 fix security (#1056)

---
 application/helpers/admin/import_helper.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/application/helpers/admin/import_helper.php b/application/helpers/admin/import_helper.php
index f6d21b40361..e11ced06742 100644
--- a/application/helpers/admin/import_helper.php
+++ b/application/helpers/admin/import_helper.php
@@ -2113,10 +2113,10 @@ function XMLImportResponses($sFullFilePath, $iSurveyID, $aFieldReMap = array())
     $results = [];
     $results['responses'] = 0;
 
-    libxml_disable_entity_loader( false ); // fixing #13628
-
+    libxml_disable_entity_loader( false );
     $oXMLReader = new XMLReader();
     $oXMLReader->open($sFullFilePath);
+    libxml_disable_entity_loader( true );
     $DestinationFields = Yii::app()->db->schema->getTable($survey->responsesTableName)->getColumnNames();
     while ($oXMLReader->read()) {
         if ($oXMLReader->name === 'LimeSurveyDocType' && $oXMLReader->nodeType == XMLReader::ELEMENT) {