On Wed, Jun 24, 2009 at 09:56:28PM +0200, Benjamin Vetter wrote:
>
> Hi List,
>
> I'm using libxslt through cpan's xml::libxslt.
> When I use the Security Framework and deny anything through something like
>
> sub violate { return 0; };
> $security->register_callback( read_file => \&violate );
> $security->register_callback( write_file => \&violate );
> $security->register_callback( create_dir => \&violate );
> $security->register_callback( read_net => \&violate );
> $security->register_callback( write_net => \&violate );
>
> the document() function fails like expected, but xsl:include or
> xsl:import can import arbitrary additional stylesheets.
> Is it a documented behaviour?
> I think it's a rather unexpected behaviour and could potentially lead
> to a security issue.
>
> Comments appreciated.
> I'm using libxslt-1.1.9
that's very very old, please update to 1.1.24 it may be fixed, if not
please report,
thanks,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
[email protected] | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
_______________________________________________
xslt mailing list, project page http://xmlsoft.org/XSLT/
[email protected]
http://mail.gnome.org/mailman/listinfo/xslt
