Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/01/30 21:20:41 UTC

[tomcat] branch 8.5.x updated: Fix BZ 64089 Add ${...} support to XML external entity definitions

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 13e5dd6  Fix BZ 64089 Add ${...} support to XML external entity definitions
13e5dd6 is described below

commit 13e5dd68b28ba421befbd69e5e3b65e8f6a4c277
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jan 30 21:17:22 2020 +0000

    Fix BZ 64089 Add ${...} support to XML external entity definitions
    
    https://bz.apache.org/bugzilla/show_bug.cgi?id=64089
---
 java/org/apache/tomcat/util/digester/Digester.java | 74 +++++++++++++++++++++-
 webapps/docs/changelog.xml                         |  4 ++
 2 files changed, 76 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/digester/Digester.java b/java/org/apache/tomcat/util/digester/Digester.java
index 8466241..3791d8c 100644
--- a/java/org/apache/tomcat/util/digester/Digester.java
+++ b/java/org/apache/tomcat/util/digester/Digester.java
@@ -41,6 +41,7 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.ExceptionUtils;
 import org.apache.tomcat.util.IntrospectionUtils;
+import org.apache.tomcat.util.IntrospectionUtils.PropertySource;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.res.StringManager;
 import org.apache.tomcat.util.security.PermissionCheck;
@@ -55,6 +56,7 @@ import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.ext.DefaultHandler2;
+import org.xml.sax.ext.EntityResolver2;
 import org.xml.sax.ext.Locator2;
 import org.xml.sax.helpers.AttributesImpl;
 
@@ -844,12 +846,20 @@ public class Digester extends DefaultHandler2 {
         reader.setDTDHandler(this);
         reader.setContentHandler(this);
 
+        EntityResolver entityResolver = getEntityResolver();
         if (entityResolver == null) {
-            reader.setEntityResolver(this);
+            entityResolver = this;
+        }
+
+        // Wrap the resolver so we can perform ${...} property replacement
+        if (entityResolver instanceof EntityResolver2) {
+            entityResolver = new EntityResolver2Wrapper((EntityResolver2) entityResolver, source, classLoader);
         } else {
-            reader.setEntityResolver(entityResolver);
+            entityResolver = new EntityResolverWrapper(entityResolver, source, classLoader);
         }
 
+        reader.setEntityResolver(entityResolver);
+
         reader.setProperty("http://xml.org/sax/properties/lexical-handler", this);
 
         reader.setErrorHandler(this);
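Review bot: The wrapper is installed unconditionally, so `${...}` in entity identifiers is now expanded for every document this Digester parses, whether the resolver is the Digester itself or a caller-supplied one. If any Digester instance parses documents written by someone less trusted than the server administrator (not determinable from this hunk), the expanded property values reach the delegate resolver and may surface in resolved URIs or error messages. I would state the trust assumption next to the wrapping, e.g. `// Entity identifiers are expanded using the Digester's property sources; documents parsed here must be as trusted as the configuration that defines those properties`. Note also that `source` and `classLoader` are captured when the wrapper is built, so later changes to either would not be seen by a reader that is reused; the enclosing method starts and ends outside the hunk, so whether the reader is cached cannot be confirmed here.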
@@ -2023,4 +2033,64 @@ public class Digester extends DefaultHandler2 {
             return new StringBuilder(out);
         }
     }
+
+
+    private static class EntityResolverWrapper implements EntityResolver {
+
+        private final EntityResolver entityResolver;
+        private final PropertySource[] source;
+        private final ClassLoader classLoader;
+
+        public EntityResolverWrapper(EntityResolver entityResolver, PropertySource[] source, ClassLoader classLoader) {
+            this.entityResolver = entityResolver;
+            this.source = source;
+            this.classLoader = classLoader;
+        }
+
+        @Override
+        public InputSource resolveEntity(String publicId, String systemId)
+                throws SAXException, IOException {
+            publicId = replace(publicId);
+            systemId = replace(systemId);
+            return entityResolver.resolveEntity(publicId, systemId);
+        }
+
+        protected String replace(String input) {
+            try {
+                return IntrospectionUtils.replaceProperties(input, null, source, classLoader);
+            } catch (Exception e) {
+                return input;
+            }
+        }
+    }
+
+
+    private static class EntityResolver2Wrapper extends EntityResolverWrapper implements EntityResolver2 {
+
+        private final EntityResolver2 entityResolver2;
+
+        public EntityResolver2Wrapper(EntityResolver2 entityResolver, PropertySource[] source,
+                ClassLoader classLoader) {
+            super(entityResolver, source, classLoader);
+            this.entityResolver2 = entityResolver;
+        }
+
+        @Override
+        public InputSource getExternalSubset(String name, String baseURI)
+                throws SAXException, IOException {
+            name = replace(name);
+            baseURI = replace(baseURI);
+            return entityResolver2.getExternalSubset(name, baseURI);
+        }
+
+        @Override
+        public InputSource resolveEntity(String name, String publicId, String baseURI,
+                String systemId) throws SAXException, IOException {
+            name = replace(name);
+            publicId = replace(publicId);
+            baseURI = replace(baseURI);
+            systemId = replace(systemId);
+            return entityResolver2.resolveEntity(name, publicId, baseURI, systemId);
+        }
+    }
 }
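Review bot: `EntityResolverWrapper.replace()` catches every `Exception` and returns the input unchanged, so a failed substitution is silent and the delegate resolver receives the literal `${...}` text. Under the SAX contract `publicId`, `name` and `baseURI` may be null, and if `IntrospectionUtils.replaceProperties` does not accept null (its body is not visible here) the catch block is what absorbs the resulting exception on ordinary calls. I would make the null case explicit with `if (input == null) { return null; }` before the `try`, narrow the catch where possible, and report the failure at debug level so a misconfigured property can be diagnosed. Both wrapper classes would also benefit from a short class comment naming which identifiers are expanded and stating that a failed expansion falls back to the raw value.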
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 22c1fc8..be7a816 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -131,6 +131,10 @@
         Refactor recycle facade system property into a new connector attribute
         named <code>discardFacades</code>. (remm)
       </update>
+      <fix>
+        <bug>64089</bug>: Add <code>${...}</code> property replacement support
+        to XML external entity definitions. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">

