You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2019/10/24 10:25:24 UTC
[directory-ldap-api] branch master updated: Disable external
DTD/schema access
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-ldap-api.git
The following commit(s) were added to refs/heads/master by this push:
new f0c0968 Disable external DTD/schema access
f0c0968 is described below
commit f0c0968b9cea090c9e44bd0f01aef9665c53a4d5
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Oct 24 11:25:02 2019 +0100
Disable external DTD/schema access
---
.../main/java/org/apache/directory/api/dsmlv2/ParserUtils.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/dsml/parser/src/main/java/org/apache/directory/api/dsmlv2/ParserUtils.java b/dsml/parser/src/main/java/org/apache/directory/api/dsmlv2/ParserUtils.java
index b518ebf..3604f1d 100644
--- a/dsml/parser/src/main/java/org/apache/directory/api/dsmlv2/ParserUtils.java
+++ b/dsml/parser/src/main/java/org/apache/directory/api/dsmlv2/ParserUtils.java
@@ -316,6 +316,15 @@ public final class ParserUtils
try
{
factory.setFeature( javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE );
+ try
+ {
+ factory.setAttribute( javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, "" );
+ factory.setAttribute( javax.xml.XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "" );
+ }
+ catch ( IllegalArgumentException ex )
+ {
+ // ignore
+ }
transformer = factory.newTransformer( new StreamSource( ParserUtils.class
.getResourceAsStream( "/org/apache/directory/shared/dsmlv2/DSMLv2.xslt" ) ) );
}