Some fixes from original repository are included.

Author: nqxcode

library/ZendSearch/Lucene/Document/AbstractOpenXML.php

@@ -67,8 +67,15 @@ protected function extractMetaData(\ZipArchive $package)
         // Data holders
         $coreProperties = array();
 
+        // Prevent php from loading remote resources
+        $loadEntities = libxml_disable_entity_loader(true);
+
         // Read relations and search for core properties
         $relations = simplexml_load_string($package->getFromName("_rels/.rels"));
+
+        // Restore entity loader state
+        libxml_disable_entity_loader($loadEntities);
+
         foreach ($relations->Relationship as $rel) {
             if ($rel["Type"] == self::SCHEMA_COREPROPERTIES) {
                 // Found core properties! Read in contents...

library/ZendSearch/Lucene/Document/Docx.php

@@ -60,7 +60,15 @@ private function __construct($fileName, $storeContent)
         if ($relationsXml === false) {
             throw new RuntimeException('Invalid archive or corrupted .docx file.');
         }
+
+        // Prevent php from loading remote resources
+        $loadEntities = libxml_disable_entity_loader(true);
+
         $relations = simplexml_load_string($relationsXml);
+
+        // Restore entity loader state
+        libxml_disable_entity_loader($loadEntities);
+
         foreach($relations->Relationship as $rel) {
             if ($rel ["Type"] == AbstractOpenXML::SCHEMA_OFFICEDOCUMENT) {
                 // Found office document! Read in contents...

library/ZendSearch/Lucene/Document/Pptx.php

@@ -80,7 +80,15 @@ private function __construct($fileName, $storeContent)
         if ($relationsXml === false) {
             throw new RuntimeException('Invalid archive or corrupted .pptx file.');
         }
+
+        // Prevent php from loading remote resources
+        $loadEntities = libxml_disable_entity_loader(true);
+
         $relations = simplexml_load_string($relationsXml);
+
+        // Restore entity loader state
+        libxml_disable_entity_loader($loadEntities);
+
         foreach ($relations->Relationship as $rel) {
             if ($rel["Type"] == AbstractOpenXML::SCHEMA_OFFICEDOCUMENT) {
                 // Found office document! Search for slides...

library/ZendSearch/Lucene/Document/Xlsx.php

@@ -89,7 +89,15 @@ private function __construct($fileName, $storeContent)
         if ($relationsXml === false) {
             throw new RuntimeException('Invalid archive or corrupted .xlsx file.');
         }
+
+        // Prevent php from loading remote resources
+        $loadEntities = libxml_disable_entity_loader(true);
+
         $relations = simplexml_load_string($relationsXml);
+
+        // Restore entity loader state
+        libxml_disable_entity_loader($loadEntities);
+
         foreach ($relations->Relationship as $rel) {
             if ($rel["Type"] == AbstractOpenXML::SCHEMA_OFFICEDOCUMENT) {
                 // Found office document! Read relations for workbook...

library/ZendSearch/Lucene/Index/Term.php

@@ -75,7 +75,7 @@ public static function getPrefix($str, $length)
          */
         $prefixBytes = 0;
         $prefixChars = 0;
-        while ($prefixBytes < strlen($str)  &&  $prefixChars < $length) {
+        while (isset($str[$prefixBytes])  &&  $prefixChars < $length) {
             $charBytes = 1;
             if ((ord($str[$prefixBytes]) & 0xC0) == 0xC0) {
                 $charBytes++;
@@ -87,7 +87,7 @@ public static function getPrefix($str, $length)
                 }
             }
 
-            if ($prefixBytes + $charBytes > strlen($str)) {
+            if (! isset($str[$prefixBytes + $charBytes - 1])) {
                 // wrong character
                 break;
             }