[syncope] branch master updated: Disallow Doctypes for SAXParserFactory

coheigea Fri, 11 Oct 2019 03:45:43 -0700

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git



The following commit(s) were added to refs/heads/master by this push:
     new a7a3009  Disallow Doctypes for SAXParserFactory
     new 16fb995  Merge pull request #129 from coheigea/doctypes
a7a3009 is described below

commit a7a3009a5002f6e72fe5d19eb99382c28f374799
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Oct 11 11:35:34 2019 +0100

    Disallow Doctypes for SAXParserFactory
---
 .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index db95a6a..9c1b502 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
@@ -112,6 +112,7 @@ public class XMLContentLoader implements ContentLoader {
 
         SAXParserFactory factory = SAXParserFactory.newInstance();
         factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+        
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl";, 
true);
         try (contentXML) {
             SAXParser parser = factory.newSAXParser();
             parser.parse(contentXML, new ContentLoaderHandler(dataSource, 
ROOT_ELEMENT, true, env));

[syncope] branch master updated: Disallow Doctypes for SAXParserFactory

Reply via email to