Author: rfm
Date: Tue Mar 17 20:51:02 2015
New Revision: 38409
URL: http://svn.gna.org/viewcvs/gnustep?rev=38409&view=rev
Log:
Be stricter about checking that the rpc doesn't contain excess info.
Modified:
libs/webservices/trunk/ChangeLog
libs/webservices/trunk/GWSXMLRPCCoder.m
Modified: libs/webservices/trunk/ChangeLog
URL:
http://svn.gna.org/viewcvs/gnustep/libs/webservices/trunk/ChangeLog?rev=38409&r1=38408&r2=38409&view=diff
==============================================================================
--- libs/webservices/trunk/ChangeLog (original)
+++ libs/webservices/trunk/ChangeLog Tue Mar 17 20:51:02 2015
@@ -1,3 +1,7 @@
+2015-03-17 Richard Frith-Macdonald <[email protected]>
+
+ * GWSXMLRPCCoder.m: add more checks when strict parsing in use.
+
2014-11-17 Richard Frith-Macdonald <[email protected]>
* configure: regenerate
Modified: libs/webservices/trunk/GWSXMLRPCCoder.m
URL:
http://svn.gna.org/viewcvs/gnustep/libs/webservices/trunk/GWSXMLRPCCoder.m?rev=38409&r1=38408&r2=38409&view=diff
==============================================================================
--- libs/webservices/trunk/GWSXMLRPCCoder.m (original)
+++ libs/webservices/trunk/GWSXMLRPCCoder.m Tue Mar 17 20:51:02 2015
@@ -354,6 +354,11 @@
if ([name isEqualToString: @"string"])
{
+ if (_strictParsing && nil != [elem firstChild])
+ {
+ [NSException raise: NSGenericException
+ format: @"xml element inside %@", name];
+ }
s = [[elem content] copy];
return s;
}
@@ -361,6 +366,11 @@
if ([name isEqualToString: @"i4"]
|| [name isEqualToString: @"int"])
{
+ if (_strictParsing && nil != [elem firstChild])
+ {
+ [NSException raise: NSGenericException
+ format: @"xml element inside %@", name];
+ }
s = [elem content];
if ([s length] == 0)
{
@@ -374,6 +384,11 @@
{
char c;
+ if (_strictParsing && nil != [elem firstChild])
+ {
+ [NSException raise: NSGenericException
+ format: @"xml element inside %@", name];
+ }
s = [elem content];
if ([s length] == 0)
{
@@ -390,6 +405,11 @@
if ([name isEqualToString: @"double"])
{
+ if (_strictParsing && nil != [elem firstChild])
+ {
+ [NSException raise: NSGenericException
+ format: @"xml element inside %@", name];
+ }
s = [elem content];
if ([s length] == 0)
{
@@ -401,6 +421,11 @@
if ([name isEqualToString: @"base64"])
{
+ if (_strictParsing && nil != [elem firstChild])
+ {
+ [NSException raise: NSGenericException
+ format: @"xml element inside %@", name];
+ }
s = [elem content];
if ([s length] == 0)
{
@@ -420,6 +445,11 @@
int minute;
int second;
+ if (_strictParsing && nil != [elem firstChild])
+ {
+ [NSException raise: NSGenericException
+ format: @"xml element inside %@", name];
+ }
s = [elem content];
if ([s length] == 0)
{
@@ -446,6 +476,11 @@
{
NSMutableDictionary *m;
+ if (_strictParsing && [[[elem content] stringByTrimmingSpaces] length])
+ {
+ [NSException raise: NSGenericException
+ format: @"character content inside %@", name];
+ }
c = [elem countChildren];
m = [NSMutableDictionary dictionaryWithCapacity: c];
elem = [elem firstChild];
@@ -493,6 +528,11 @@
{
NSMutableArray *m;
+ if (_strictParsing && [[[elem content] stringByTrimmingSpaces] length])
+ {
+ [NSException raise: NSGenericException
+ format: @"character content inside %@", name];
+ }
c = [elem countChildren];
if (c != 1)
{
_______________________________________________
Gnustep-cvs mailing list
[email protected]
https://mail.gna.org/listinfo/gnustep-cvs
