Repository: cayenne Updated Branches: refs/heads/STABLE-4.0 e795b287b -> 8d4c83abe
Disable external entities in XML reader Project: http://git-wip-us.apache.org/repos/asf/cayenne/repo Commit: http://git-wip-us.apache.org/repos/asf/cayenne/commit/8d4c83ab Tree: http://git-wip-us.apache.org/repos/asf/cayenne/tree/8d4c83ab Diff: http://git-wip-us.apache.org/repos/asf/cayenne/diff/8d4c83ab Branch: refs/heads/STABLE-4.0 Commit: 8d4c83abed024fc3a698148a122429022b89b590 Parents: e795b28 Author: Nikita Timofeev <[email protected]> Authored: Mon Jul 9 11:47:12 2018 +0300 Committer: Nikita Timofeev <[email protected]> Committed: Mon Jul 9 11:47:12 2018 +0300 ---------------------------------------------------------------------- .../src/main/java/org/apache/cayenne/util/Util.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cayenne/blob/8d4c83ab/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java ----------------------------------------------------------------------
diff --git a/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java b/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
index 7dfd57e..6351fe1 100644
--- a/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
+++ b/cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
@@ -261,17 +261,16 @@ public class Util {
 */
 public static XMLReader createXmlReader() throws SAXException, ParserConfigurationException {
 SAXParserFactory spf = SAXParserFactory.newInstance();
+ spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ spf.setFeature("http://xml.org/sax/features/namespaces", true);
 // Create a JAXP SAXParser
 SAXParser saxParser = spf.newSAXParser();
 // Get the encapsulated SAX XMLReader
- XMLReader reader = saxParser.getXMLReader();
-
- // set default features
- reader.setFeature("http://xml.org/sax/features/namespaces", true);
-
- return reader;
+ return saxParser.getXMLReader();
 }
 /**
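Review bot: The four `spf.setFeature(...)` calls added at the top of `createXmlReader()` carry no comment saying they are XXE hardening, and the Javadoc that closes just above the signature (it starts outside the hunk) does not tell callers that any document with a DOCTYPE is now rejected. I would put `// XXE hardening: reject DOCTYPE outright; the external-entity flags are defense in depth` above the block and add a Javadoc sentence stating that the returned reader refuses DTDs and never resolves external entities. `http://apache.org/xml/features/disallow-doctype-decl` is a Xerces feature id, so on a JAXP implementation that does not recognise it `setFeature` throws and the method fails closed; that is the safe outcome, but it belongs in the `@throws` text so the failure is not mistaken for a configuration bug. Setting `http://xml.org/sax/features/namespaces` on the factory instead of the reader appears to preserve the old namespace handling, and a short comment saying this is deliberate would stop a later cleanup from swapping it for `setNamespaceAware(true)` without checking.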
