chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Müller (JIRA) <j...@apache.org>
Subject [jira] [Resolved] (CMIS-902) XmlException: For security reasons DTD is prohibited in this XML document
Date Mon, 30 Mar 2015 14:59:53 GMT

     [ https://issues.apache.org/jira/browse/CMIS-902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Florian Müller resolved CMIS-902.
---------------------------------
       Resolution: Fixed
    Fix Version/s: DotCMIS 0.7

I've used a different workaround because settings.DtdProcessing doesn't exist in .Net 3.5.
(It has been introduced in .Net 4.)

> XmlException: For security reasons DTD is prohibited in this XML document
> -------------------------------------------------------------------------
>
>                 Key: CMIS-902
>                 URL: https://issues.apache.org/jira/browse/CMIS-902
>             Project: Chemistry
>          Issue Type: Bug
>          Components: dotcmis
>    Affects Versions: DotCMIS 0.6
>         Environment: SharePoint Server 2013
> Documentum 6.7 SP1
>            Reporter: Nicolas Raoul
>            Assignee: Florian Müller
>              Labels: patch
>             Fix For: DotCMIS 0.7
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Hello DotCMIS,
> Many people using SharePoint Server 2013 are reporting this error when performing a simple
listing of a folder:
> DotCMIS.Exceptions.CmisConnectionException: Parsing exception! ---> System.Xml.XmlException:
For security reasons DTD is prohibited in this XML document. To enable DTD processing set
the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create
method.
>    at System.Xml.XmlTextReaderImpl.Throw(Exception e)
>    at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res)
>    at System.Xml.XmlTextReaderImpl.ParseDoctypeDecl()
>    at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
>    at System.Xml.XmlTextReaderImpl.Read()
>    at System.Xml.XmlReader.MoveToContent()
>    at System.Xml.XmlReader.IsStartElement()
>    at DotCMIS.Binding.AtomPub.AtomPubParser.Parse()
>    at DotCMIS.Binding.AtomPub.AbstractAtomPubService.Parse[T](Stream stream)
> The problem is easily fixed by adding `settings.DtdProcessing = DtdProcessing.Ignore;`
in the Parse() method of atompub-parser.cs as seen in this commit: https://github.com/aegif/chemistry-dotcmis/commit/ee7e5931b8c8cdfcbbd280a1fb4956a8fcc895b8
> Full explanation and a note about DDOS (I don't think DotCMIS should be too worried about
DDOS, as it is mostly a client-side library): http://stackoverflow.com/a/28459398/226958
> Thank you!
> Nicolas



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message