mrglavas 2004/11/17 11:11:11
Modified: java/src/org/apache/xerces/impl XMLEntityManager.java
Log:
Modifying expandSystemId to reject one character scheme names
when strict mode is off. The URI class used to this work. We do
this here so that we flag likely DOS file names and then fix them up.
Revision Changes Path
1.92 +49 -5
xml-xerces/java/src/org/apache/xerces/impl/XMLEntityManager.java
Index: XMLEntityManager.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/impl/XMLEntityManager.java,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- XMLEntityManager.java 21 Oct 2004 03:40:43 -0000 1.91
+++ XMLEntityManager.java 17 Nov 2004 19:11:10 -0000 1.92
@@ -1639,12 +1639,12 @@
// system id has to be a valid URI
if (strict) {
- return expandSystemId0(systemId, baseSystemId);
+ return expandSystemIdStrictOn(systemId, baseSystemId);
}
// Assume the URIs are well-formed. If it turns out they're not, try
fixing them up.
try {
- return expandSystemId0(systemId, baseSystemId);
+ return expandSystemIdStrictOff(systemId, baseSystemId);
}
catch (URI.MalformedURIException e) {
// continue on...
@@ -1699,7 +1699,7 @@
/**
* Helper method for expandSystemId(String,String,boolean):String
*/
- private static String expandSystemId0(String systemId, String
baseSystemId)
+ private static String expandSystemIdStrictOn(String systemId, String
baseSystemId)
throws URI.MalformedURIException {
URI systemURI = new URI(systemId, true);
@@ -1729,7 +1729,51 @@
// if any exception is thrown, it'll get thrown to the caller.
- } // expandSystemId0(String,String):String
+ } // expandSystemIdStrictOn(String,String):String
+
+ /**
+ * Helper method for expandSystemId(String,String,boolean):String
+ */
+ private static String expandSystemIdStrictOff(String systemId, String
baseSystemId)
+ throws URI.MalformedURIException {
+
+ URI systemURI = new URI(systemId, true);
+ // If it's already an absolute one, return it
+ if (systemURI.isAbsoluteURI()) {
+ if (systemURI.getScheme().length() > 1) {
+ return systemId;
+ }
+ /**
+ * If the scheme's length is only one character,
+ * it's likely that this was intended as a file
+ * path. Fixing this up in expandSystemId to
+ * maintain backwards compatibility.
+ */
+ throw new URI.MalformedURIException();
+ }
+
+ // If there isn't a base URI, use the working directory
+ URI baseURI = null;
+ if (baseSystemId == null || baseSystemId.length() == 0) {
+ baseURI = getUserDir();
+ }
+ else {
+ baseURI = new URI(baseSystemId, true);
+ if (!baseURI.isAbsoluteURI()) {
+ // assume "base" is also a relative uri
+ baseURI.absolutize(getUserDir());
+ }
+ }
+
+ // absolutize the system identifier using the base URI
+ systemURI.absolutize(baseURI);
+
+ // return the string rep of the new uri (an absolute one)
+ return systemURI.toString();
+
+ // if any exception is thrown, it'll get thrown to the caller.
+
+ } // expandSystemIdStrictOff(String,String):String
/**
* Attempt to set whether redirects will be followed for an
<code>HttpURLConnection</code>.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
