This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 720b253 Enable the secure processing feature
720b253 is described below
commit 720b2538d58833629497beecd1f2de04a7624ba4
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Nov 22 11:51:41 2018 +0000
Enable the secure processing feature
---
.../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java | 2 ++
1 file changed, 2 insertions(+)
diff --git
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index 8b59615..4adfde6 100644
---
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
@@ -23,6 +23,7 @@ import java.io.InputStream;
import java.util.Properties;
import javax.annotation.Resource;
import javax.sql.DataSource;
+import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -101,6 +102,7 @@ public class XMLContentLoader extends AbstractContentDealer
implements ContentLo
throws IOException, ParserConfigurationException, SAXException {
SAXParserFactory factory = SAXParserFactory.newInstance();
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
try (InputStream in = contentXML.getResource().getInputStream()) {
SAXParser parser = factory.newSAXParser();
parser.parse(in, new ContentLoaderHandler(dataSource,
ROOT_ELEMENT, true));
