cayenne-commits mailing list archives

From ntimof...@apache.org
Subject cayenne git commit: Disable external entities in XML reader
Date Mon, 09 Jul 2018 08:53:12 GMT
Repository: cayenne
Updated Branches:
  refs/heads/STABLE-4.0 e795b287b -> 8d4c83abe


Disable external entities in XML reader


Project: http://git-wip-us.apache.org/repos/asf/cayenne/repo
Commit: http://git-wip-us.apache.org/repos/asf/cayenne/commit/8d4c83ab
Tree: http://git-wip-us.apache.org/repos/asf/cayenne/tree/8d4c83ab
Diff: http://git-wip-us.apache.org/repos/asf/cayenne/diff/8d4c83ab

Branch: refs/heads/STABLE-4.0
Commit: 8d4c83abed024fc3a698148a122429022b89b590
Parents: e795b28
Author: Nikita Timofeev <stariy95@gmail.com>
Authored: Mon Jul 9 11:47:12 2018 +0300
Committer: Nikita Timofeev <stariy95@gmail.com>
Committed: Mon Jul 9 11:47:12 2018 +0300

----------------------------------------------------------------------
 .../src/main/java/org/apache/cayenne/util/Util.java      | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cayenne/blob/8d4c83ab/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
----------------------------------------------------------------------
diff --git a/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java b/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
index 7dfd57e..6351fe1 100644
--- a/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
+++ b/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
@@ -261,17 +261,16 @@ public class Util {
 	 */
 	public static XMLReader createXmlReader() throws SAXException, ParserConfigurationException
{
 		SAXParserFactory spf = SAXParserFactory.newInstance();
+		spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+		spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+		spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+		spf.setFeature("http://xml.org/sax/features/namespaces", true);
 
 		// Create a JAXP SAXParser
 		SAXParser saxParser = spf.newSAXParser();
 
 		// Get the encapsulated SAX XMLReader
-		XMLReader reader = saxParser.getXMLReader();
-
-		// set default features
-		reader.setFeature("http://xml.org/sax/features/namespaces", true);
-
-		return reader;
+		return saxParser.getXMLReader();
 	}
 
 	/**
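Review bot: The three hardening `setFeature` calls added after `SAXParserFactory.newInstance()` have no comment, and the method's Javadoc (it starts above the hunk, only its closing `*/` is visible) presumably does not yet say that the returned reader rejects any document containing a DOCTYPE. I would put `// XXE hardening: forbid DOCTYPE outright; the two external-entity flags are defence in depth` above them so a later cleanup does not drop the calls as redundant, and state the DOCTYPE rejection in the Javadoc so callers know that DTD-bearing input will now fail to parse. `disallow-doctype-decl` is a Xerces feature URI, so on a JAXP implementation that does not recognise it `setFeature` should throw and `createXmlReader()` would fail for every caller. Failing closed is the right behaviour for this fix, but it deserves a sentence in the Javadoc. A regression test that feeds the reader a document declaring an external entity and expects a `SAXException` would keep the protection from being lost silently.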

