This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e745cea2ba1bd3dfde94e8869757df8a6856913a Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jan 30 21:17:22 2020 +0000 Fix BZ 64089 Add ${...} support to XML external entity definitions https://bz.apache.org/bugzilla/show_bug.cgi?id=64089 --- java/org/apache/tomcat/util/digester/Digester.java | 74 +++++++++++++++++++++- 1 file changed, 72 insertions(+), 2 deletions(-) diff --git a/java/org/apache/tomcat/util/digester/Digester.java b/java/org/apache/tomcat/util/digester/Digester.java index 59a347b..a7c1740 100644 --- a/java/org/apache/tomcat/util/digester/Digester.java +++ b/java/org/apache/tomcat/util/digester/Digester.java @@ -41,6 +41,7 @@ import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.IntrospectionUtils; +import org.apache.tomcat.util.IntrospectionUtils.PropertySource; import org.apache.tomcat.util.buf.B2CConverter; import org.apache.tomcat.util.res.StringManager; import org.apache.tomcat.util.security.PermissionCheck; @@ -55,6 +56,7 @@ import org.xml.sax.SAXNotSupportedException; import org.xml.sax.SAXParseException; import org.xml.sax.XMLReader; import org.xml.sax.ext.DefaultHandler2; +import org.xml.sax.ext.EntityResolver2; import org.xml.sax.ext.Locator2; import org.xml.sax.helpers.AttributesImpl; @@ -815,12 +817,20 @@ public class Digester extends DefaultHandler2 { reader.setDTDHandler(this); reader.setContentHandler(this); + EntityResolver entityResolver = getEntityResolver(); if (entityResolver == null) { - reader.setEntityResolver(this); + entityResolver = this; + } + + // Wrap the resolver so we can perform ${...} property replacement + if (entityResolver instanceof EntityResolver2) { + entityResolver = new EntityResolver2Wrapper((EntityResolver2) entityResolver, source, classLoader); } else { - reader.setEntityResolver(entityResolver); + entityResolver = new EntityResolverWrapper(entityResolver, source, classLoader); } + reader.setEntityResolver(entityResolver); + reader.setProperty("http://xml.org/sax/properties/lexical-handler", this); reader.setErrorHandler(this); @@ -1976,4 +1986,64 @@ public class Digester extends DefaultHandler2 { return new StringBuilder(out); } } + + + private static class EntityResolverWrapper implements EntityResolver { + + private final EntityResolver entityResolver; + private final PropertySource[] source; + private final ClassLoader classLoader; + + public EntityResolverWrapper(EntityResolver entityResolver, PropertySource[] source, ClassLoader classLoader) { + this.entityResolver = entityResolver; + this.source = source; + this.classLoader = classLoader; + } + + @Override + public InputSource resolveEntity(String publicId, String systemId) + throws SAXException, IOException { + publicId = replace(publicId); + systemId = replace(systemId); + return entityResolver.resolveEntity(publicId, systemId); + } + + protected String replace(String input) { + try { + return IntrospectionUtils.replaceProperties(input, null, source, classLoader); + } catch (Exception e) { + return input; + } + } + } + + + private static class EntityResolver2Wrapper extends EntityResolverWrapper implements EntityResolver2 { + + private final EntityResolver2 entityResolver2; + + public EntityResolver2Wrapper(EntityResolver2 entityResolver, PropertySource[] source, + ClassLoader classLoader) { + super(entityResolver, source, classLoader); + this.entityResolver2 = entityResolver; + } + + @Override + public InputSource getExternalSubset(String name, String baseURI) + throws SAXException, IOException { + name = replace(name); + baseURI = replace(baseURI); + return entityResolver2.getExternalSubset(name, baseURI); + } + + @Override + public InputSource resolveEntity(String name, String publicId, String baseURI, + String systemId) throws SAXException, IOException { + name = replace(name); + publicId = replace(publicId); + baseURI = replace(baseURI); + systemId = replace(systemId); + return entityResolver2.resolveEntity(name, publicId, baseURI, systemId); + } + } } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org