4 files changed, 16 insertions, 4 deletions

diff --git a/Auth/Yadis/Manager.php b/Auth/Yadis/Manager.php
index 15e6907..664521c 100644
--- a/Auth/Yadis/Manager.php
+++ b/Auth/Yadis/Manager.php
@@ -414,7 +414,7 @@ class Auth_Yadis_Discovery {
             list($yadis_url, $services) = call_user_func_array($discover_cb,
                                                                array(
                                                                 $this->url,
-                                                                &$fetcher,
+                                                                $fetcher,
                                                                ));
 
             $manager = $this->createManager($services, $yadis_url);
diff --git a/Auth/Yadis/XML.php b/Auth/Yadis/XML.php
index cf1f5c4..39a9942 100644
--- a/Auth/Yadis/XML.php
+++ b/Auth/Yadis/XML.php
@@ -234,7 +234,19 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser {
             return false;
         }
 
-        if (!@$this->doc->loadXML($xml_string)) {
+        // libxml_disable_entity_loader (PHP 5 >= 5.2.11)
+        if (function_exists('libxml_disable_entity_loader') && function_exists('libxml_use_internal_errors')) {
+            // disable external entities and libxml errors
+            $loader = libxml_disable_entity_loader(true);
+            $errors = libxml_use_internal_errors(true);
+            $parse_result = @$this->doc->loadXML($xml_string);
+            libxml_disable_entity_loader($loader);
+            libxml_use_internal_errors($errors);
+        } else {
+            $parse_result = @$this->doc->loadXML($xml_string);
+        }
+
+        if (!$parse_result) {
             return false;
         }
 
diff --git a/Auth/Yadis/XRDS.php b/Auth/Yadis/XRDS.php
index 1f5af96..044d1e7 100644
--- a/Auth/Yadis/XRDS.php
+++ b/Auth/Yadis/XRDS.php
@@ -429,7 +429,7 @@ class Auth_Yadis_XRDS {
 
                 foreach ($filters as $filter) {
 
-                    if (call_user_func_array($filter, array(&$service))) {
+                    if (call_user_func_array($filter, array($service))) {
                         $matches++;
 
                         if ($filter_mode == SERVICES_YADIS_MATCH_ANY) {
diff --git a/Auth/Yadis/Yadis.php b/Auth/Yadis/Yadis.php
index 9ea2db7..f885367 100644
--- a/Auth/Yadis/Yadis.php
+++ b/Auth/Yadis/Yadis.php
@@ -141,7 +141,7 @@ function Auth_Yadis_getServiceEndpoints($input_url, $xrds_parse_func,
     }
 
     $yadis_result = call_user_func_array($discover_func,
-                                         array($input_url, &$fetcher));
+                                         array($input_url, $fetcher));
 
     if ($yadis_result === null) {
         return array($input_url, array());