abdera-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmsn...@apache.org
Subject svn commit: r587327 - /incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java
Date Tue, 23 Oct 2007 00:25:09 GMT
Author: jmsnell
Date: Mon Oct 22 17:25:09 2007
New Revision: 587327

URL: http://svn.apache.org/viewvc?rev=587327&view=rev
Log:
Turns out I had overlooked the a call to StaxUtils when dealing with InputStreams on parse.
 This meant
that the new entity declaration mechanism in ParserOptions wasn't working and that DTD entity
references
were being allowed... which opened up the possibility of all kinds of nasty security issues.
 All fixed.

Modified:
    incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java

Modified: incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java?rev=587327&r1=587326&r2=587327&view=diff
==============================================================================
--- incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java
(original)
+++ incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java
Mon Oct 22 17:25:09 2007
@@ -116,8 +116,8 @@
         return parse(StAXUtils.createXMLStreamReader(rdr), base, options);
       } else {
         XMLStreamReader xmlreader = (charset == null) ? 
-          StAXUtils.createXMLStreamReader(in) : 
-          StAXUtils.createXMLStreamReader(in, charset); 
+          createXMLStreamReader(in) : 
+          createXMLStreamReader(in, charset); 
         return parse(xmlreader, base, options);
       }
     } catch (Exception e) {
@@ -149,15 +149,47 @@
       throw (ParseException)e;
     }
   }
+
+  private static XMLInputFactory getXMLInputFactory() {
+    XMLInputFactory inputFactory = StAXUtils.getXMLInputFactory();
+    inputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
+    return inputFactory;
+  }
   
-  private XMLStreamReader createXMLStreamReader(Reader in) throws XMLStreamException {
-    javax.xml.stream.XMLInputFactory inputFactory = StAXUtils.getXMLInputFactory();
+  private static void releaseXMLInputFactory(XMLInputFactory inputFactory) {
+    StAXUtils.releaseXMLInputFactory(inputFactory);
+  }
+  
+  public static XMLStreamReader createXMLStreamReader(
+    InputStream in, 
+    String encoding)
+      throws XMLStreamException {
+    XMLInputFactory inputFactory = getXMLInputFactory();
     try {
-      inputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
+      return inputFactory.createXMLStreamReader(in, encoding);
+    } finally {
+      releaseXMLInputFactory(inputFactory);
+    }
+  }
+
+  public static XMLStreamReader createXMLStreamReader(
+    InputStream in)
+      throws XMLStreamException {
+    XMLInputFactory inputFactory = getXMLInputFactory();
+    try {
+      return inputFactory.createXMLStreamReader(in);
+    } finally {
+      releaseXMLInputFactory(inputFactory);
+    }
+  }
+  
+  private XMLStreamReader createXMLStreamReader(Reader in) throws XMLStreamException {
+    XMLInputFactory inputFactory = getXMLInputFactory();
+    try {    
       XMLStreamReader reader = inputFactory.createXMLStreamReader(in);
       return reader;
     } finally {
-        StAXUtils.releaseXMLInputFactory(inputFactory);
+      releaseXMLInputFactory(inputFactory);
     }    
   }
   



Mime
View raw message