You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xmlbeans.apache.org by ce...@apache.org on 2012/02/07 23:51:15 UTC
svn commit: r1241680 - in /xmlbeans/trunk/src:
store/org/apache/xmlbeans/impl/store/Locale.java
xmlpublic/org/apache/xmlbeans/XmlErrorCodes.java
xmlpublic/org/apache/xmlbeans/XmlOptions.java
xmlpublic/org/apache/xmlbeans/message.properties
Author: cezar
Date: Tue Feb 7 22:51:14 2012
New Revision: 1241680
URL: http://svn.apache.org/viewvc?rev=1241680&view=rev
Log:
Introducing a default maximum entity replacement limit of 10kb, it can be controled by using the option XmlOptions.setLoadEntityBytesLimit.
Contribution by Jerry Sy.
Modified:
xmlbeans/trunk/src/store/org/apache/xmlbeans/impl/store/Locale.java
xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlErrorCodes.java
xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlOptions.java
xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/message.properties
Modified: xmlbeans/trunk/src/store/org/apache/xmlbeans/impl/store/Locale.java
URL: http://svn.apache.org/viewvc/xmlbeans/trunk/src/store/org/apache/xmlbeans/impl/store/Locale.java?rev=1241680&r1=1241679&r2=1241680&view=diff
==============================================================================
--- xmlbeans/trunk/src/store/org/apache/xmlbeans/impl/store/Locale.java (original)
+++ xmlbeans/trunk/src/store/org/apache/xmlbeans/impl/store/Locale.java Tue Feb 7 22:51:14 2012
@@ -15,6 +15,7 @@
package org.apache.xmlbeans.impl.store;
+import org.apache.xmlbeans.XmlErrorCodes;
import org.xml.sax.Locator;
import org.xml.sax.Attributes;
import org.xml.sax.ContentHandler;
@@ -95,10 +96,8 @@ import org.apache.xmlbeans.XmlOptions;
import org.apache.xmlbeans.SchemaType;
import org.apache.xmlbeans.SchemaTypeLoader;
import org.apache.xmlbeans.XmlTokenSource;
-import org.apache.xmlbeans.XmlOptions;
import org.apache.xmlbeans.QNameSet;
import org.apache.xmlbeans.QNameCache;
-import org.apache.xmlbeans.XmlBeans;
import org.apache.xmlbeans.XmlError;
import org.apache.xmlbeans.XmlRuntimeException;
import org.apache.xmlbeans.XmlDocumentProperties;
@@ -3173,6 +3172,9 @@ public final class Locale
_wantCdataBookmarks =
_startLocator != null &&
options.hasOption(XmlOptions.LOAD_SAVE_CDATA_BOOKMARKS);
+
+ if (options.hasOption(XmlOptions.LOAD_ENTITY_BYTES_LIMIT))
+ _entityBytesLimit = ((Integer)(options.get(XmlOptions.LOAD_ENTITY_BYTES_LIMIT))).intValue();
}
public void startDocument()
@@ -3287,8 +3289,20 @@ public final class Locale
throws SAXException
{
_context.text(ch, start, length);
+
if (_wantCdataBookmarks && _insideCDATA)
_context.bookmarkLastNonAttr(CDataBookmark.CDATA_BOOKMARK);
+
+ if (_insideEntity!=0)
+ {
+ if ((_entityBytes += length) > _entityBytesLimit)
+ {
+ XmlError err = XmlError.forMessage(XmlErrorCodes.EXCEPTION_EXCEEDED_ENTITY_BYTES,
+ new Integer[]{ new Integer(_entityBytesLimit) });
+
+ throw new SAXException(err.getMessage());
+ }
+ }
}
public void ignorableWhitespace(char ch[], int start, int length)
@@ -3361,13 +3375,19 @@ public final class Locale
public void startEntity(String name)
throws SAXException
{
-// throw new RuntimeException( "Not impl: startEntity" );
+ _insideEntity++;
}
public void endEntity(String name)
throws SAXException
{
-// throw new RuntimeException( "Not impl: endEntity" );
+ _insideEntity--;
+ assert _insideEntity>=0;
+
+ if (_insideEntity==0)
+ {
+ _entityBytes=0;
+ }
}
public void setDocumentLocator(Locator locator)
@@ -3401,6 +3421,9 @@ public final class Locale
private boolean _wantCdataBookmarks;
private Locator _startLocator;
private boolean _insideCDATA = false;
+ private int _entityBytesLimit = 10240;
+ private int _entityBytes = 0;
+ private int _insideEntity = 0;
}
private static abstract class SaxLoader
Modified: xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlErrorCodes.java
URL: http://svn.apache.org/viewvc/xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlErrorCodes.java?rev=1241680&r1=1241679&r2=1241680&view=diff
==============================================================================
--- xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlErrorCodes.java (original)
+++ xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlErrorCodes.java Tue Feb 7 22:51:14 2012
@@ -65,6 +65,7 @@ public abstract class XmlErrorCodes
public static final String INVALID_DOCUMENT_TYPE = "invalid.document.type";
public static final String CANNOT_LOAD_FILE = "cannot.load.file";
+ public static final String EXCEPTION_EXCEEDED_ENTITY_BYTES = "exceeded-entity-bytes";
public static final String EXCEPTION_LOADING_URL = "exception.loading.url";
public static final String EXCEPTION_VALUE_NOT_SUPPORTED_J2S = "exception.value.not.supported.j2s";
public static final String EXCEPTION_VALUE_NOT_SUPPORTED_S2J = "exception.value.not.supported.s2j";
Modified: xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlOptions.java
URL: http://svn.apache.org/viewvc/xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlOptions.java?rev=1241680&r1=1241679&r2=1241680&view=diff
==============================================================================
--- xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlOptions.java (original)
+++ xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/XmlOptions.java Tue Feb 7 22:51:14 2012
@@ -861,6 +861,17 @@ public class XmlOptions implements java.
return set(COPY_USE_NEW_SYNC_DOMAIN, useNewSyncDomain ? Boolean.TRUE : Boolean.FALSE );
}
+ /**
+ * Sets the maximum number of bytes allowed when an Entity is expanded during parsing.
+ * The default value is 10240 bytes.
+ * @param entityBytesLimit
+ * @return
+ */
+ public XmlOptions setLoadEntityBytesLimit (int entityBytesLimit)
+ {
+ return set(LOAD_ENTITY_BYTES_LIMIT,entityBytesLimit);
+ }
+
public static final String GENERATE_JAVA_14 = "1.4";
public static final String GENERATE_JAVA_15 = "1.5";
@@ -983,6 +994,8 @@ public class XmlOptions implements java.
public static final String GENERATE_JAVA_VERSION = "GENERATE_JAVA_VERSION";
/** @exclude */
public static final String COPY_USE_NEW_SYNC_DOMAIN = "COPY_USE_NEW_LOCALE";
+ /** @exclude */
+ public static final String LOAD_ENTITY_BYTES_LIMIT = "LOAD_ENTITY_BYTES_LIMIT";
private static final XmlOptions EMPTY_OPTIONS;
static {
Modified: xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/message.properties
URL: http://svn.apache.org/viewvc/xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/message.properties?rev=1241680&r1=1241679&r2=1241680&view=diff
==============================================================================
--- xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/message.properties (original)
+++ xmlbeans/trunk/src/xmlpublic/org/apache/xmlbeans/message.properties Tue Feb 7 22:51:14 2012
@@ -970,3 +970,5 @@ The value ''{0}'' is an invalid {1}: {2}
invalid-xpath = \
Invalid xpath in identity constraint: {0}
+exceeded-entity-bytes = \
+Exceeded Entity dereference bytes limit, limit is {0} bytes.
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xmlbeans.apache.org
For additional commands, e-mail: commits-help@xmlbeans.apache.org