Josef Kuhm wrote: > > in order to alleviate the deployment of configured XXE instances, I tried > to enhance my private .XXE files a little bit. > > I inserted a DocType declaration specifying an internal subset in order to > be able to use entity definitions. In the internal subset I defined a > external parameter entity declaration for a file holding general entity > declarations to be used in the body of my .XXE configuration file. > > The .XXE file looks like: > > <?xml version='1.0' encoding='ISO-8859-1'?> > <!DOCTYPE configuration [ > <!ENTITY % my_locations SYSTEM "../base_locations.ent"> > %my_locations; > ]> > <configuration name="SomeName" > ......> > > ......... > <css name="SomeName" > location="&XML-Resources.local-dir.URL;/CSSs/SomeName.css" /> > > <template name="SomeName" > location=" > &XML-Resources.local-dir.URL;/Templates/SomeName.xml" /> > > ......... > </configuration> > > where the general entity &XML-Resources.local-dir.URL; is defined in a file > named 'base_locations.ent' residing in the parent directory of the present > .XXE configuration file. > > The contents of file 'base_locations.ent' look like: > > <!-- Some heading comment --> > <!ENTITY XML-Resources.local-dir.URL > "file://localhost/C:/Dir1/Dir2/X-local_XML-Resources"> > > While the described setup makes up a perfectly valid XML file, XMLmind > (v2.1) > complains on startup with a message like: > > Warning: > > Startup error ! > > Invalid configuration file test.xxe > ......... > ......... > > and points to the '%my_locations;' line of the configuration file. > > Do you consider this behaviour of XMLmind a bug or is usage of internal > DTD subset with definition of external parameter entities beyond the > XMLmind > implementation scope ???
I did what you want to do with the bundled DocBook configuration: [1] I modified my docbook.xxe ------------------------ <?xml version='1.0' encoding='ISO-8859-1'?> <!DOCTYPE configuration [ <!ENTITY % my_locations SYSTEM "base_locations.ent"> %my_locations; ]> <configuration name="DocBook" xsi:schemaLocation="http://www.xmlmind.com/xmleditor/schema/configuration ../configuration/xsd/configuration.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://www.xmlmind.com/xmleditor/schema/configuration"; xmlns:cfg="http://www.xmlmind.com/xmleditor/schema/configuration";> . . . <css name="DocBook (collapsible sections)" location="&cssdir;/docbook-collapsible.css" /> <css name="DocBook" alternate="true" location="&cssdir;/docbook.css" /> ------------------------ [2] I created a simple base_locations.ent file ----------------------------- <!-- Some heading comment --> <!ENTITY cssdir "file://localhost/home/hussein/src/xxe/distrib/config/docbook/css"> ----------------------------- And everything works fine! I suspect that there is a problem with your base_locations.ent. May be * you have forgot a quote * or may be you use accented chars you have forgot to add a text declaration to base_locations.ent (<?xml version='1.0' encoding='ISO-8859-1'?>)
