Posted to dev@jackrabbit.apache.org by "Jukka Zitting (JIRA)" <ji...@apache.org> on 2008/02/01 09:23:08 UTC

[jira] Created: (JCR-1355) XML import should not access external entities

XML import should not access external entities
----------------------------------------------

                 Key: JCR-1355
                 URL: https://issues.apache.org/jira/browse/JCR-1355
             Project: Jackrabbit
          Issue Type: Bug
          Components: xml
    Affects Versions: 1.4, 1.3.3, 1.3.1, 1.3, 1.2.3, 1.2.2, 1.2.1, 1.1.1, 1.1, 1.0.1, 1.0, 0.9
            Reporter: Jukka Zitting
            Assignee: Jukka Zitting
            Priority: Minor
             Fix For: 1.4.1


With current Jackrabbit the following XML document can not be imported:

    <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>

Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
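
One way to parse the document from the report above without any external lookup, as an added example (not Jackrabbit's own code; the class names NoExternalEntitiesDemo and OfflineHandler are hypothetical): a SAX handler whose resolveEntity() answers every external reference with an empty in-memory stream.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

/** Hypothetical demo class; not Jackrabbit's DefaultContentHandler. */
public class NoExternalEntitiesDemo {

    /** Handler that answers every external entity request with empty content. */
    static class OfflineHandler extends DefaultHandler {
        int resolveCalls = 0;   // how often the parser asked for an external resource
        String root;            // name of the first element seen

        @Override
        public InputSource resolveEntity(String publicId, String systemId) {
            resolveCalls++;
            // The parser calls this hook for the external DTD subset and for
            // external general and parameter entities. Returning an empty
            // stream means the systemId URL is never opened.
            InputSource empty = new InputSource(new ByteArrayInputStream(new byte[0]));
            empty.setSystemId(systemId);
            return empty;
        }

        @Override
        public void startElement(String uri, String local, String qName, Attributes atts) {
            if (root == null) {
                root = qName;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // The document from the issue report, held in memory.
        String xml = "<!DOCTYPE foo SYSTEM \"http://invalid.address/\"><foo/>";
        InputStream in = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));

        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        OfflineHandler handler = new OfflineHandler();
        factory.newSAXParser().parse(in, handler);

        System.out.println("root=" + handler.root
                + " resolveEntity calls=" + handler.resolveCalls);
    }
}
```

A stricter alternative is the parser feature http://apache.org/xml/features/disallow-doctype-decl, which rejects the sample document outright instead of importing it.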


[jira] Updated: (JCR-1355) XML import should not access external entities

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger updated JCR-1355:
-----------------------------------

    Fix Version/s:     (was: 1.4.1)
                   commons 1.4.1

scheduling for the commons 1.4.1 release

> XML import should not access external entities
> ----------------------------------------------
>
>                 Key: JCR-1355
>                 URL: https://issues.apache.org/jira/browse/JCR-1355
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-jcr-commons, xml
>    Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.3, 1.4
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: commons 1.4.1
>
>
> With current Jackrabbit the following XML document can not be imported:
>     <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>
> Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.



[jira] Commented: (JCR-1355) XML import should not access external entities

Posted by "Rob Owen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12564791#action_12564791 ] 

Rob Owen commented on JCR-1355:
-------------------------------

The fix to 1.4 is missing an include for ByteArrayInputStream. Here is a patch for 1.4:

Index: jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/commons/DefaultContentHandler.java
===================================================================
--- jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/commons/DefaultContentHandler.java	(revision 617424)
+++ jackrabbit-jcr-commons/src/main/java/org/apache/jackrabbit/commons/DefaultContentHandler.java	(working copy)
@@ -16,6 +16,7 @@
  */
 package org.apache.jackrabbit.commons;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 
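
Review bot: The added import of java.io.ByteArrayInputStream (new line 19, ahead of java.io.IOException) is the only change shown, so the code in DefaultContentHandler.java that needs the class is not visible in this hunk and cannot be checked from it. Since the comment says the 1.4 fix is missing this import, build the 1.4 branch with the patch applied and add a test that imports the <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/> document from the issue description, so that a missing import or an actual network lookup is caught before release.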


> XML import should not access external entities
> ----------------------------------------------
>
>                 Key: JCR-1355
>                 URL: https://issues.apache.org/jira/browse/JCR-1355
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-jcr-commons, xml
>    Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.3, 1.4
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 1.4.1
>
>
> With current Jackrabbit the following XML document can not be imported:
>     <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>
> Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.



[jira] Updated: (JCR-1355) XML import should not access external entities

Posted by "Jukka Zitting (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting updated JCR-1355:
-------------------------------

    Component/s: jackrabbit-jcr-commons

> XML import should not access external entities
> ----------------------------------------------
>
>                 Key: JCR-1355
>                 URL: https://issues.apache.org/jira/browse/JCR-1355
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-jcr-commons, xml
>    Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.3, 1.4
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 1.4.1
>
>
> With current Jackrabbit the following XML document can not be imported:
>     <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>
> Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.



[jira] Updated: (JCR-1355) XML import should not access external entities

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger updated JCR-1355:
-----------------------------------

    Fix Version/s: 1.5

> XML import should not access external entities
> ----------------------------------------------
>
>                 Key: JCR-1355
>                 URL: https://issues.apache.org/jira/browse/JCR-1355
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-jcr-commons, xml
>    Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.3, 1.4
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: commons 1.4.2, 1.5
>
>
> With current Jackrabbit the following XML document can not be imported:
>     <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>
> Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.



[jira] Resolved: (JCR-1355) XML import should not access external entities

Posted by "Jukka Zitting (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting resolved JCR-1355.
--------------------------------

    Resolution: Fixed

Resolved in trunk in revision 617384. Adapted the fix to the 1.4 branch in revision 617424.

> XML import should not access external entities
> ----------------------------------------------
>
>                 Key: JCR-1355
>                 URL: https://issues.apache.org/jira/browse/JCR-1355
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: xml
>    Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.3, 1.4
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 1.4.1
>
>
> With current Jackrabbit the following XML document can not be imported:
>     <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>
> Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.



[jira] Commented: (JCR-1355) XML import should not access external entities

Posted by "Jukka Zitting (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12564794#action_12564794 ] 

Jukka Zitting commented on JCR-1355:
------------------------------------

Of course, thanks! Fixed in revision 617514.

> XML import should not access external entities
> ----------------------------------------------
>
>                 Key: JCR-1355
>                 URL: https://issues.apache.org/jira/browse/JCR-1355
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-jcr-commons, xml
>    Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.3, 1.4
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: 1.4.1
>
>
> With current Jackrabbit the following XML document can not be imported:
>     <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>
> Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.



[jira] Closed: (JCR-1355) XML import should not access external entities

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/JCR-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger closed JCR-1355.
----------------------------------


Closing issue, has been released in jackrabbit-jcr-commons 1.4.2

> XML import should not access external entities
> ----------------------------------------------
>
>                 Key: JCR-1355
>                 URL: https://issues.apache.org/jira/browse/JCR-1355
>             Project: Jackrabbit
>          Issue Type: Bug
>          Components: jackrabbit-jcr-commons, xml
>    Affects Versions: 0.9, 1.0, 1.0.1, 1.1, 1.1.1, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.3, 1.4
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>             Fix For: commons 1.4.2, 1.5
>
>
> With current Jackrabbit the following XML document can not be imported:
>     <!DOCTYPE foo SYSTEM "http://invalid.address/"><foo/>
> Even if the DTD address (or some other external resource referenced in the XML document) is correct, I don't think importXML() should even try resolving those references.
