From: Uwe Schindler Date: Mon, 18 Aug 2014 16:01:35 +0000 (+0000) Subject: Add Dominik's suggestion to DocumentBuilderFactories. I also removed the setXIncludeA... X-Git-Tag: REL_3_11_BETA3~94 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b89e0499d3bc356994f8343f7a6bc4df23ba1536;p=poi.git Add Dominik's suggestion to DocumentBuilderFactories. I also removed the setXIncludeAware(false) in XMLHelper, because it causes the same problem and is disabled by default. git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1618644 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/java/org/apache/poi/util/XMLHelper.java b/src/java/org/apache/poi/util/XMLHelper.java index f2da607762..3e97cee0b3 100644 --- a/src/java/org/apache/poi/util/XMLHelper.java +++ b/src/java/org/apache/poi/util/XMLHelper.java @@ -19,7 +19,6 @@ package org.apache.poi.util; import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; /** * Helper methods for working with javax.xml classes. @@ -27,22 +26,31 @@ import javax.xml.parsers.ParserConfigurationException; */ public final class XMLHelper { + private static POILogger logger = POILogFactory.getLogger(XMLHelper.class); + /** * Creates a new DocumentBuilderFactory, with sensible defaults */ public static DocumentBuilderFactory getDocumentBuilderFactory() { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setExpandEntityReferences(false); + trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true); + trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false); + trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false); + trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); + return factory; + } + + private static void trySetSAXFeature(DocumentBuilderFactory documentBuilderFactory, String feature, boolean enabled) { try { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setXIncludeAware(false); - factory.setExpandEntityReferences(false); - factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - factory.setFeature("http://xml.org/sax/features/external-general-entities", false); - factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); - factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); - return factory; - } catch (ParserConfigurationException e) { - throw new RuntimeException("Broken XML Setup", e); + documentBuilderFactory.setFeature(feature, enabled); + } catch (Exception e) { + logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e); + } catch (AbstractMethodError ame) { + logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame); } } + + } diff --git a/src/ooxml/java/org/apache/poi/util/DocumentHelper.java b/src/ooxml/java/org/apache/poi/util/DocumentHelper.java index 9ff6e7fb02..0c18b5d009 100644 --- a/src/ooxml/java/org/apache/poi/util/DocumentHelper.java +++ b/src/ooxml/java/org/apache/poi/util/DocumentHelper.java @@ -61,9 +61,12 @@ public final class DocumentHelper { try { documentBuilderFactory.setFeature(feature, enabled); } catch (Exception e) { - logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e); + logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e); + } catch (AbstractMethodError ame) { + logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame); } } + private static void trySetXercesSecurityManager(DocumentBuilderFactory documentBuilderFactory) { // Try built-in JVM one first, standalone if not for (String securityManagerClassName : new String[] { @@ -78,7 +81,7 @@ public final class DocumentHelper { // Stop once one can be setup without error return; } catch (Exception e) { - logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e); + logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e); } } } diff --git a/src/ooxml/java/org/apache/poi/util/SAXHelper.java b/src/ooxml/java/org/apache/poi/util/SAXHelper.java index bbc58e5130..d4d016cb3b 100644 --- a/src/ooxml/java/org/apache/poi/util/SAXHelper.java +++ b/src/ooxml/java/org/apache/poi/util/SAXHelper.java @@ -69,7 +69,9 @@ public final class SAXHelper { try { xmlReader.setFeature(feature, enabled); } catch (Exception e) { - logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e); + logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e); + } catch (AbstractMethodError ame) { + logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame); } } @@ -87,7 +89,7 @@ public final class SAXHelper { // Stop once one can be setup without error return; } catch (Exception e) { - logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e); + logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e); } } }