You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Rob Owen (JIRA)" <ji...@apache.org> on 2008/02/01 16:11:08 UTC
[jira] Commented: (JCR-1355) XML import should not access external
entities
[ https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12564791#action_12564791 ]
Rob Owen commented on JCR-1355:
-------------------------------
The fix to 1.4 is missing an include for ByteArrayInputStream. Here is a patch for 1.4
Index: jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/commons/DefaultContentHandler.java
===================================================================
--- jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/commons/DefaultContentHandler.java (revision 617424)
+++ jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/commons/DefaultContentHandler.java (working copy)
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.commons;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
> XML import should not access external entities
> ----------------------------------------------
>
> Key: JCR-1355
> URL: https://issues.apache.org/jira/browse/JCR-1355
> Project: Jackrabbit
> Issue Type: Bug
> Components: jackrabbit-jcr-commons, xml
> Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.3, 1.4
> Reporter: Jukka Zitting
> Assignee: Jukka Zitting
> Priority: Minor
> Fix For: 1.4.1
>
>
> With current Jackrabbit the following XML document can not be imported:
> <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>
> Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.