packages/xmlrpc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
xmlrpc/xmlrpc-disallow-loading-external-dtd.patch
chengzihan2 35426729dd package init
2020-08-28 16:13:34 +08:00

31 lines
1.1 KiB
Diff
Raw Blame History

From 338ab231b228bd36afda4ab31db724c6669579b2 Mon Sep 17 00:00:00 2001
From: Michael Simacek <msimacek@redhat.com>
Date: Tue, 22 May 2018 10:53:28 +0200
Subject: [PATCH 2/2] Disallow loading external DTD
---
.../src/main/java/org/apache/xmlrpc/util/SAXParsers.java | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
index b1034e7..49ef5de 100644
--- a/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
+++ b/common/src/main/java/org/apache/xmlrpc/util/SAXParsers.java
@@ -48,6 +48,13 @@ public class SAXParsers {
} catch (org.xml.sax.SAXException e) {
// Ignore it
}
+ try {
+ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ } catch (javax.xml.parsers.ParserConfigurationException e) {
+ // Ignore it
+ } catch (org.xml.sax.SAXException e) {
+ // Ignore it
+ }
}
/** Creates a new instance of {@link XMLReader}.
--
2.17.0
Reference in New Issue View Git Blame Copy Permalink