chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nicolas Raoul (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CMIS-902) XmlException: For security reasons DTD is prohibited in this XML document
Date Thu, 19 Mar 2015 08:24:38 GMT
Nicolas Raoul created CMIS-902:
----------------------------------

             Summary: XmlException: For security reasons DTD is prohibited in this XML document
                 Key: CMIS-902
                 URL: https://issues.apache.org/jira/browse/CMIS-902
             Project: Chemistry
          Issue Type: Bug
          Components: dotcmis
    Affects Versions: DotCMIS 0.6
         Environment: SharePoint Server 2013
Documentum 6.7 SP1
            Reporter: Nicolas Raoul


Hello DotCMIS,

Many people using SharePoint Server 2013 are reporting this error when performing a simple
listing of a folder:

DotCMIS.Exceptions.CmisConnectionException: Parsing exception! ---> System.Xml.XmlException:
For security reasons DTD is prohibited in this XML document. To enable DTD processing set
the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create
method.
   at System.Xml.XmlTextReaderImpl.Throw(Exception e)
   at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res)
   at System.Xml.XmlTextReaderImpl.ParseDoctypeDecl()
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlTextReaderImpl.Read()
   at System.Xml.XmlReader.MoveToContent()
   at System.Xml.XmlReader.IsStartElement()
   at DotCMIS.Binding.AtomPub.AtomPubParser.Parse()
   at DotCMIS.Binding.AtomPub.AbstractAtomPubService.Parse[T](Stream stream)

The problem is easily fixed by adding `settings.DtdProcessing = DtdProcessing.Ignore;` in
the Parse() method of atompub-parser.cs as seen in this commit: https://github.com/aegif/chemistry-dotcmis/commit/ee7e5931b8c8cdfcbbd280a1fb4956a8fcc895b8

Full explanation and a note about DDOS (I don't think DotCMIS should be too worried about
DDOS, as it is mostly a client-side library): http://stackoverflow.com/a/28459398/226958

Thank you!
Nicolas



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message