Club Drupal

  // Strip XML declaration.

  $header = preg_replace('/<\?xml.*?\?'.'>/s', '', substr($xmlrpc_message->message, 0, 100), 1);

  $xml = trim(substr_replace($xmlrpc_message->message, $header, 0, 100));

  if ($xml == '') {

    return FALSE;

  }

  // Strip DTD.

  $header = preg_replace('/^<!DOCTYPE[^>]*+>/i', '', substr($xml, 0, 200), 1);

  $xml = trim(substr_replace($xml, $header, 0, 200));

  if ($xml == '') {

    return FALSE;

  }

  // Confirm the XML now starts with a valid root tag. A root tag can end in [> \t\r\n]

  $root_tag = substr($xml, 0, strcspn(substr($xml, 0, 20), "> \t\r\n"));

  // Reject a second DTD.

  if (strtoupper($root_tag) == '<!DOCTYPE') {

    return FALSE;

  }

  if (!in_array($root_tag, array('<methodCall', '<methodResponse', '<fault'))) {

    return FALSE;

  }

  // Skip parsing if there is an unreasonably large number of tags.

  try {

    $dom = new DOMDocument();

    @$dom->loadXML($xml);

    if ($dom->getElementsByTagName('*')->length > variable_get('xmlrpc_message_maximum_tag_count', 30000)) {

      return FALSE;

    }

  }

  catch (Exception $e) {

    return FALSE;

  }

  if (!xml_parse($xmlrpc_message->_parser, $xml)) {