Posted to commits@abdera.apache.org by jm...@apache.org on 2007/10/23 02:25:09 UTC

svn commit: r587327 - /incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java

Author: jmsnell
Date: Mon Oct 22 17:25:09 2007
New Revision: 587327

URL: http://svn.apache.org/viewvc?rev=587327&view=rev
Log:
Turns out I had overlooked a call to StAXUtils when dealing with InputStreams on parse.  This meant
that the new entity declaration mechanism in ParserOptions wasn't working and that DTD entity references
were being allowed... which opened up the possibility of all kinds of nasty security issues.  All fixed.

Modified:
    incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java

Modified: incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java?rev=587327&r1=587326&r2=587327&view=diff
==============================================================================
--- incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java (original)
+++ incubator/abdera/java/trunk/parser/src/main/java/org/apache/abdera/parser/stax/FOMParser.java Mon Oct 22 17:25:09 2007
@@ -116,8 +116,8 @@
         return parse(StAXUtils.createXMLStreamReader(rdr), base, options);
       } else {
         XMLStreamReader xmlreader = (charset == null) ? 
-          StAXUtils.createXMLStreamReader(in) : 
-          StAXUtils.createXMLStreamReader(in, charset); 
+          createXMLStreamReader(in) : 
+          createXMLStreamReader(in, charset); 
         return parse(xmlreader, base, options);
       }
     } catch (Exception e) {
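Review bot: The Reader branch on the first context line of this hunk still calls `StAXUtils.createXMLStreamReader(rdr)`, so input taking that path presumably does not go through the factory that has `IS_REPLACING_ENTITY_REFERENCES` turned off. Only the InputStream branch is switched to the local helpers. If `rdr` is a `Reader`, this class's private `createXMLStreamReader(Reader)` overload would apply and the line could become `return parse(createXMLStreamReader(rdr), base, options);`. The enclosing method starts and ends outside the hunk, so the type of `rdr` and the condition that selects this branch need to be confirmed there.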
@@ -149,15 +149,47 @@
       throw (ParseException)e;
     }
   }
+
+  private static XMLInputFactory getXMLInputFactory() {
+    XMLInputFactory inputFactory = StAXUtils.getXMLInputFactory();
+    inputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
+    return inputFactory;
+  }
   
-  private XMLStreamReader createXMLStreamReader(Reader in) throws XMLStreamException {
-    javax.xml.stream.XMLInputFactory inputFactory = StAXUtils.getXMLInputFactory();
+  private static void releaseXMLInputFactory(XMLInputFactory inputFactory) {
+    StAXUtils.releaseXMLInputFactory(inputFactory);
+  }
+  
+  public static XMLStreamReader createXMLStreamReader(
+    InputStream in, 
+    String encoding)
+      throws XMLStreamException {
+    XMLInputFactory inputFactory = getXMLInputFactory();
     try {
-      inputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
+      return inputFactory.createXMLStreamReader(in, encoding);
+    } finally {
+      releaseXMLInputFactory(inputFactory);
+    }
+  }
+
+  public static XMLStreamReader createXMLStreamReader(
+    InputStream in)
+      throws XMLStreamException {
+    XMLInputFactory inputFactory = getXMLInputFactory();
+    try {
+      return inputFactory.createXMLStreamReader(in);
+    } finally {
+      releaseXMLInputFactory(inputFactory);
+    }
+  }
+  
+  private XMLStreamReader createXMLStreamReader(Reader in) throws XMLStreamException {
+    XMLInputFactory inputFactory = getXMLInputFactory();
+    try {    
       XMLStreamReader reader = inputFactory.createXMLStreamReader(in);
       return reader;
     } finally {
-        StAXUtils.releaseXMLInputFactory(inputFactory);
+      releaseXMLInputFactory(inputFactory);
     }    
   }
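Review bot: `getXMLInputFactory()` disables only `IS_REPLACING_ENTITY_REFERENCES`, which changes how entity references are reported but does not by itself stop the parser from resolving external entities or loading an external DTD subset. I would add `inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);` next to it, and also `inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);` if the ParserOptions entity mechanism does not need DTD processing. The factory is also reconfigured and then handed back through `StAXUtils.releaseXMLInputFactory`, so if StAXUtils pools factories the setting may persist for other callers; a short comment on `getXMLInputFactory()` saying whether that is intended would help. A regression test that feeds a document with a DOCTYPE-declared entity through each `parse` overload would pin the behaviour.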