<target name="fetch-ooxml-jars" depends="check-ooxml-jars" unless="ooxml.jars.present">
<mkdir dir="${ooxml.lib}"/>
<downloadfile src="${ooxml.curvesapi.url}" dest="${ooxml.curvesapi.jar}"/>
- <downloadfile src="${ooxml.xmlbeans23.url}" dest="${ooxml.xmlbeans23.jar}"/>
- <downloadfile src="${ooxml.xmlbeans26.url}" dest="${ooxml.xmlbeans26.jar}"/>
+ <downloadfile src="${ooxml.xmlbeans23.url}" dest="${ooxml.xmlbeans23.jar}.orig"/>
+ <downloadfile src="${ooxml.xmlbeans26.url}" dest="${ooxml.xmlbeans26.jar}.orig"/>
+ <!-- remove piccolo parser, so we don't use unsafe calls to it instead of using jaxp -->
+ <zip destfile="${ooxml.xmlbeans23.jar}">
+ <zipfileset src="${ooxml.xmlbeans23.jar}.orig" excludes="org/apache/xmlbeans/impl/piccolo/**"/>
+ </zip>
+ <zip destfile="${ooxml.xmlbeans26.jar}">
+ <zipfileset src="${ooxml.xmlbeans26.jar}.orig" excludes="org/apache/xmlbeans/impl/piccolo/**"/>
+ </zip>
</target>
<target name="check-ooxml-xsds">
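Review bot: The Piccolo stripping only happens when `fetch-ooxml-jars` actually runs, and the target is skipped whenever `ooxml.jars.present` is set. If `check-ooxml-jars` (outside this hunk) only tests that the jar files exist, a workspace that already holds the unmodified xmlbeans jars will keep the parser classes. That check should distinguish a stripped jar from a stock one, for example by also requiring the `.orig` files, or the repack should move to a target that always runs. The downloaded jars are also repacked with no digest check visible here, so unless `downloadfile` already verifies them, add a step before each `<zip>` such as `<checksum file="${ooxml.xmlbeans26.jar}.orig" algorithm="SHA-256" property="PINNED_DIGEST_PLACEHOLDER" verifyproperty="xmlbeans26.verified"/>`.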
DEFAULT_XML_OPTIONS.setUseDefaultNamespace();\r
DEFAULT_XML_OPTIONS.setSaveAggressiveNamespaces();\r
DEFAULT_XML_OPTIONS.setCharacterEncoding("UTF-8");\r
- DEFAULT_XML_OPTIONS.setLoadEntityBytesLimit(4096);\r
+ // Piccolo is disabled for POI builts, i.e. JAXP is used for parsing\r
+ // so only user code using XmlObject/XmlToken.Factory.parse\r
+ // directly can bypass the entity check, which is probably unlikely (... and not within our responsibility :)) \r
+ // DEFAULT_XML_OPTIONS.setLoadEntityBytesLimit(4096);\r
\r
Map<String, String> map = new HashMap<String, String>();\r
map.put("http://schemas.openxmlformats.org/drawingml/2006/main", "a");\r
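Review bot: Commenting out `setLoadEntityBytesLimit(4096)` makes the entity-size cap depend on which xmlbeans jar is on the runtime classpath. The new comment's premise holds only for jars repacked by this build; an application that picks up a stock xmlbeans jar some other way would, as far as this hunk shows, run with neither the Piccolo removal nor the limit. Unless the call interferes with the JAXP path (not visible here), keeping `DEFAULT_XML_OPTIONS.setLoadEntityBytesLimit(4096);` active preserves defence in depth at no cost. If it has to go, delete the line rather than leaving it commented out, and state the assumption in the comment, e.g. `// Assumes the Piccolo-stripped xmlbeans jar is on the classpath so parsing goes through JAXP; a stock xmlbeans jar reintroduces the unchecked path.` The enclosing initializer starts and ends outside the hunk.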