cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r948468 - in /cxf/branches/2.1.x-fixes: ./ common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XMLBeanStreamSerializer.java
Date Wed, 26 May 2010 15:04:53 GMT
Author: dkulp
Date: Wed May 26 15:04:53 2010
New Revision: 948468

URL: http://svn.apache.org/viewvc?rev=948468&view=rev
Log:
Merged revisions 948162 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/branches/2.2.x-fixes

................
  r948162 | dkulp | 2010-05-25 14:35:11 -0400 (Tue, 25 May 2010) | 9 lines
  
  Merged revisions 948131 via svnmerge from 
  https://svn.apache.org/repos/asf/cxf/trunk
  
  ........
    r948131 | dkulp | 2010-05-25 13:52:01 -0400 (Tue, 25 May 2010) | 1 line
    
    Turn off DTD and Entity expansion stuff in the XMLStreamReaders
  ........
................

Modified:
    cxf/branches/2.1.x-fixes/   (props changed)
    cxf/branches/2.1.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
    cxf/branches/2.1.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XMLBeanStreamSerializer.java

Propchange: cxf/branches/2.1.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 26 15:04:53 2010
@@ -1,2 +1,2 @@
-/cxf/branches/2.2.x-fixes:908559,908843
+/cxf/branches/2.2.x-fixes:908559,908843,948162
 /cxf/trunk:908549,908779

Propchange: cxf/branches/2.1.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.1.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java?rev=948468&r1=948467&r2=948468&view=diff
==============================================================================
--- cxf/branches/2.1.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
(original)
+++ cxf/branches/2.1.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
Wed May 26 15:04:53 2010
@@ -36,6 +36,7 @@ import javax.xml.parsers.ParserConfigura
 import javax.xml.stream.StreamFilter;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLResolver;
 import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
@@ -127,8 +128,7 @@ public final class StaxUtils {
     private static XMLInputFactory getXMLInputFactory() {
         XMLInputFactory f = NS_AWARE_INPUT_FACTORY_POOL.poll();
         if (f == null) {
-            f = XMLInputFactory.newInstance();
-            f.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, true);
+            f = createXMLInputFactory(true);
         }
         return f;
     }
@@ -157,6 +157,16 @@ public final class StaxUtils {
     public static XMLInputFactory createXMLInputFactory(boolean nsAware) {
         XMLInputFactory factory = XMLInputFactory.newInstance();
         factory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, nsAware);
+        factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
+        factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
+        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
+        factory.setXMLResolver(new XMLResolver() {
+            public Object resolveEntity(String publicID, String systemID,
+                                        String baseURI, String namespace)
+                throws XMLStreamException {
+                throw new XMLStreamException("Reading external entities is disabled");
+            }
+        });
         return factory;
     }
 

Modified: cxf/branches/2.1.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XMLBeanStreamSerializer.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XMLBeanStreamSerializer.java?rev=948468&r1=948467&r2=948468&view=diff
==============================================================================
--- cxf/branches/2.1.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XMLBeanStreamSerializer.java
(original)
+++ cxf/branches/2.1.x-fixes/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XMLBeanStreamSerializer.java
Wed May 26 15:04:53 2010
@@ -24,12 +24,12 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 
-import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
 import javax.xml.stream.XMLStreamWriter;
 
+import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.xmlbeans.XmlObject;
 
 /**
@@ -61,7 +61,7 @@ public class XMLBeanStreamSerializer {
             xObj.save(tmpFile);
 
             InputStream tmpIn = new FileInputStream(tmpFile);
-            XMLStreamReader rdr = XMLInputFactory.newInstance().createXMLStreamReader(tmpIn);
+            XMLStreamReader rdr = StaxUtils.createXMLStreamReader(tmpIn);
 
             while (rdr.hasNext()) {
 



Mime
View raw message