You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@chemistry.apache.org by "Florian Müller (JIRA)" <ji...@apache.org> on 2015/03/19 10:51:38 UTC
[jira] [Assigned] (CMIS-902) XmlException: For security reasons DTD
is prohibited in this XML document
[ https://issues.apache.org/jira/browse/CMIS-902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Florian Müller reassigned CMIS-902:
-----------------------------------
Assignee: Florian Müller
> XmlException: For security reasons DTD is prohibited in this XML document
> -------------------------------------------------------------------------
>
> Key: CMIS-902
> URL: https://issues.apache.org/jira/browse/CMIS-902
> Project: Chemistry
> Issue Type: Bug
> Components: dotcmis
> Affects Versions: DotCMIS 0.6
> Environment: SharePoint Server 2013
> Documentum 6.7 SP1
> Reporter: Nicolas Raoul
> Assignee: Florian Müller
> Labels: patch
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> Hello DotCMIS,
> Many people using SharePoint Server 2013 are reporting this error when performing a simple listing of a folder:
> DotCMIS.Exceptions.CmisConnectionException: Parsing exception! ---> System.Xml.XmlException: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.
> at System.Xml.XmlTextReaderImpl.Throw(Exception e)
> at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res)
> at System.Xml.XmlTextReaderImpl.ParseDoctypeDecl()
> at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
> at System.Xml.XmlTextReaderImpl.Read()
> at System.Xml.XmlReader.MoveToContent()
> at System.Xml.XmlReader.IsStartElement()
> at DotCMIS.Binding.AtomPub.AtomPubParser.Parse()
> at DotCMIS.Binding.AtomPub.AbstractAtomPubService.Parse[T](Stream stream)
> The problem is easily fixed by adding `settings.DtdProcessing = DtdProcessing.Ignore;` in the Parse() method of atompub-parser.cs as seen in this commit: https://github.com/aegif/chemistry-dotcmis/commit/ee7e5931b8c8cdfcbbd280a1fb4956a8fcc895b8
> Full explanation and a note about DDOS (I don't think DotCMIS should be too worried about DDOS, as it is mostly a client-side library): http://stackoverflow.com/a/28459398/226958
> Thank you!
> Nicolas
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)