Posted to dev@cxf.apache.org by GitBox <gi...@apache.org> on 2022/11/30 14:44:22 UTC

[GitHub] [cxf] reta commented on a diff in pull request #960: CXF-8706: CXF MTOM handler allow content injection

reta commented on code in PR #960:
URL: https://github.com/apache/cxf/pull/960#discussion_r1036059188


##########
core/src/main/java/org/apache/cxf/attachment/AttachmentUtil.java:
##########
@@ -546,24 +550,46 @@ public static Attachment createMtomAttachmentFromDH(
     }
 
     public static DataSource getAttachmentDataSource(String contentId, Collection<Attachment> atts) {
-        // Is this right? - DD
+        //
+        // RFC-2392 (https://datatracker.ietf.org/doc/html/rfc2392) says:
+        //
+        // A "cid" URL is converted to the corresponding Content-ID message
+        // header [MIME] by removing the "cid:" prefix, converting the % encoded
+        // character to their equivalent US-ASCII characters, and enclosing the
+        // remaining parts with an angle bracket pair, "<" and ">".  
+        //
         if (contentId.startsWith("cid:")) {
             try {
                 contentId = URLDecoder.decode(contentId.substring(4), StandardCharsets.UTF_8.name());
             } catch (UnsupportedEncodingException ue) {
                 contentId = contentId.substring(4);
             }
-            return loadDataSource(contentId, atts);
-        } else if (contentId.indexOf("://") == -1) {
-            return loadDataSource(contentId, atts);
-        } else {
-            try {
-                return new URLDataSource(new URL(contentId));
-            } catch (MalformedURLException e) {
-                throw new Fault(e);
+            
+            // href attribute information item: MUST be a valid URI per the cid: URI scheme (RFC 2392), 
+            // for example:
+            //
+            //   <xop:Include xmlns:xop='http://www.w3.org/2004/08/xop/include' href='cid:http://example.org/me.png'/>
+            // 
+            // See please https://www.w3.org/TR/xop10/
+            //
+            if (contentId.indexOf("://") == -1) {
+                return loadDataSource(contentId, atts);
+            } else {
+                try {
+                    final String followUrls = SystemPropertyAction
+                        .getProperty(ATTACHMENT_XOP_FOLLOW_URLS_PROPERTY, "false");
+                    if ("true".equals(followUrls)) {
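
Review bot: The new comment above the `indexOf("://")` check explains the XOP href format but not why the URL branch is gated, and nothing next to `ATTACHMENT_XOP_FOLLOW_URLS_PROPERTY` documents it. A short comment should state that the value after `cid:` comes from the incoming message and that the default of `"false"` means such URLs are not followed unless the property is set, whereas the removed `new URLDataSource(new URL(contentId))` followed them unconditionally. Users who relied on the old behaviour also need this called out in the release notes. Separately, `"true".equals(followUrls)` is case-sensitive, so a value of `TRUE` leaves the feature off without any hint; `Boolean.parseBoolean(followUrls)` would avoid that. The hunk also removes the old `else if` / `else` branches for values without the `cid:` prefix, so please confirm what a non-`cid:` contentId containing `://` now returns and add a test for it.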

Review Comment:
   Certainly, thanks @coheigea, changed


