This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 2_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/2_0_X by this push:
new 5d02fc2 Enable the secure processing feature
5d02fc2 is described below
commit 5d02fc26b9d8f3705a57d15fd4c1ee1f90bb96d4
Author: Francesco Chicchiriccò <ilgro...@apache.org>
AuthorDate: Thu Nov 22 12:56:53 2018 +0100
Enable the secure processing feature
---
.../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index 63a6089..e6e4531 100644
---
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
@@ -24,6 +24,7 @@ import java.util.Map;
import java.util.Properties;
import javax.annotation.Resource;
import javax.sql.DataSource;
+import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.apache.syncope.core.spring.ApplicationContextProvider;
@@ -100,8 +101,8 @@ public class XMLContentLoader extends AbstractContentDealer
implements ContentLo
throws Exception {
SAXParserFactory factory = SAXParserFactory.newInstance();
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
Boolean.TRUE);
try (InputStream in = contentXML.getResource().getInputStream()) {
-
SAXParser parser = factory.newSAXParser();
parser.parse(in, new ContentLoaderHandler(dataSource,
ROOT_ELEMENT, true));
LOG.debug("[{}] Default content successfully loaded", domain);
