Repository: cayenne Updated Branches: refs/heads/master 0b1f5af0f -> 6fc896b65
Disable external entities in XML reader Project: http://git-wip-us.apache.org/repos/asf/cayenne/repo Commit: http://git-wip-us.apache.org/repos/asf/cayenne/commit/6fc896b6 Tree: http://git-wip-us.apache.org/repos/asf/cayenne/tree/6fc896b6 Diff: http://git-wip-us.apache.org/repos/asf/cayenne/diff/6fc896b6 Branch: refs/heads/master Commit: 6fc896b65ed871be33dcf453cde924bf73cf83db Parents: 0b1f5af Author: Nikita Timofeev <[email protected]> Authored: Mon Jul 9 11:16:45 2018 +0300 Committer: Nikita Timofeev <[email protected]> Committed: Mon Jul 9 11:16:45 2018 +0300 ---------------------------------------------------------------------- .../src/main/java/org/apache/cayenne/util/Util.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cayenne/blob/6fc896b6/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java ----------------------------------------------------------------------
diff --git a/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java b/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
index 7aa0f9b..429a833 100644
--- a/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
+++ b/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
@@ -346,17 +346,16 @@ public class Util {
 */
 public static XMLReader createXmlReader() throws SAXException, ParserConfigurationException {
 SAXParserFactory spf = SAXParserFactory.newInstance();
+ spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ spf.setFeature("http://xml.org/sax/features/namespaces", true);
 // Create a JAXP SAXParser
 SAXParser saxParser = spf.newSAXParser();
 // Get the encapsulated SAX XMLReader
- XMLReader reader = saxParser.getXMLReader();
-
- // set default features
- reader.setFeature("http://xml.org/sax/features/namespaces", true);
-
- return reader;
+ return saxParser.getXMLReader();
 }
 /**
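Review bot: The four new `spf.setFeature(...)` calls in `createXmlReader()` change the method's contract without documenting it: with `disallow-doctype-decl` set to true, any document that carries a DOCTYPE now fails with a fatal parse error instead of being read. That feature URI is also Xerces-specific, so a JAXP provider that does not recognise it will make `setFeature` throw and the method fail for every caller. Failing closed is the right behaviour for XXE hardening and I would keep it, but the Javadoc above the method (it starts outside this hunk) should say so, e.g. `Returns a namespace-aware XMLReader that rejects DOCTYPE declarations and never resolves external entities.` A regression test that hands the reader a document with a DOCTYPE and expects a `SAXParseException` would stop a later refactor from silently dropping the hardening. As a minor style point, `spf.setNamespaceAware(true);` is the conventional JAXP way to enable namespaces on the factory and keeps `isNamespaceAware()` consistent with what the parser actually does.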
