axis-java-dev mailing list archives

From i..@apache.org
Subject cvs commit: ws-axis/java/src/org/apache/axis/utils XMLUtils.java
Date Thu, 20 Nov 2003 14:01:22 GMT
ias         2003/11/20 06:01:22

  Modified:    java/src/org/apache/axis/utils XMLUtils.java
  Log:
  Removed the deprecated parser.getParser().setEntityResolver(new DefaultEntityResolver());
and added some details about that
  
  Revision  Changes    Path
  1.85      +5 -1      ws-axis/java/src/org/apache/axis/utils/XMLUtils.java
  
  Index: XMLUtils.java
  ===================================================================
  RCS file: /home/cvs/ws-axis/java/src/org/apache/axis/utils/XMLUtils.java,v
  retrieving revision 1.84
  retrieving revision 1.85
  diff -u -r1.84 -r1.85
  --- XMLUtils.java	18 Jul 2003 12:40:40 -0000	1.84
  +++ XMLUtils.java	20 Nov 2003 14:01:22 -0000	1.85
  @@ -237,8 +237,12 @@
   
           try {
               SAXParser parser = saxFactory.newSAXParser();
  -            parser.getParser().setEntityResolver(new DefaultEntityResolver());
               XMLReader reader = parser.getXMLReader(); 
  +            // parser.getParser().setEntityResolver(new DefaultEntityResolver());
  +            // The above commented line and the following line are added 
  +            // for preventing XXE (bug #14105).
  +            // We may need to uncomment the deprecated setting
  +            // in case that it is considered necessary.  
               reader.setEntityResolver(new DefaultEntityResolver());
               reader.setFeature("http://xml.org/sax/features/namespace-prefixes", false);
               return parser;
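Review bot: The new comment says "the above commented line and the following line are added" to prevent XXE, but `reader.setEntityResolver(new DefaultEntityResolver());` is an unchanged context line that was already in 1.84. The only functional change here is dropping the deprecated `parser.getParser().setEntityResolver(...)` call. Please delete the commented-out statement instead of leaving it in the source, since CVS history already preserves it. The comment should then say that the resolver set on the `XMLReader` is what guards against XXE (bug #14105). "We may need to uncomment the deprecated setting" leaves it unclear whether the protection is complete after this change. If there is a known case where the reader-level resolver is not enough, name it in the comment. Note also that the method still returns `parser` rather than `reader`, so a sentence on whether callers are expected to parse through the reader configured here would make the intent checkable.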
  
  
  
