Hi simon
Simon Gash wrote:
OK I've walked my way through the code and this is what I found....
I guess the solution would be to encode the xml on storage (& = &), I did this manually and it worked fine. I'm not sure if I should be checking the new nodes name to ensure its good XML or whether JackRabbit should be doing it ? Or how about using the CDATA to block escape literal text ?
I think you shouldn't do any check, it's a bug in the XML PM.
One possible fix is to escape the sensitive character ('&'). Or maybe create a DOM document and use XML serialization, I think this would be more secure.
If you still want to recover your broken repository you can try the tool I uploaded to JIRA (http://issues.apache.org/jira/browse/JCR-76). It will ask you to remove any reference to nodes and properties that the PM is unable to read. I plan to add a GUI that will let the user navigate the PM, but it's only a console tool for now :(.
btw, I don't think XML PM + CQFS is a good choice. xml is human readable but it's no so easy to read/write if it's stored in cqfs. IMHO If you need to use cqfs for performance reasons you should use Object PM instead.
regards edgar
Any thoughts anyone...
Thanks for your time.
Simon
