
don't allow SAX parser to accept DTDs

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1893075 13f79535-47bb-0310-9956-ffa450edef68
tags/REL_5_2_0
PJ Fanning 2 years ago
parent
commit
bfb86f8a45

+ 1
- 1
poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFBugs.java View File

@@ -1887,7 +1887,7 @@ public final class TestXSSFBugs extends BaseTestBugzillaIssues {
SAXParseException e = assertThrows(SAXParseException.class,
() -> reader.parse(new InputSource(zip.getInputStream(ze))));
assertNotNull(e.getMessage());
assertTrue(e.getMessage().contains("more than \"1\" entity"));
assertNotEquals(isOldXercesActive(), e.getMessage().contains("DOCTYPE is disallowed when the feature"));
}
}
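Review bot: The message assertions tie this test to the exact English wording of the parser's error text, which can differ between JAXP implementations and locales, so a parser upgrade may break the test without any change in protection. The page does not mark which of the two `contains(...)` lines is the new one; assuming it is `assertNotEquals(isOldXercesActive(), ...)`, the old-Xerces branch only proves that the DOCTYPE message is absent, not that the input was rejected for a known reason. If the old parser is expected to fail on a different limit, I would say so in a comment above the assertion, e.g. `// with old Xerces the DOCTYPE feature is not applied; another limit raises the SAXParseException`, and assert that other message in that branch. The test method starts outside the hunk.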


+ 1
- 0
poi/src/main/java/org/apache/poi/util/XMLHelper.java View File

@@ -157,6 +157,7 @@ public final class XMLHelper {
trySet(factory::setFeature, FEATURE_LOAD_DTD_GRAMMAR, false);
trySet(factory::setFeature, FEATURE_LOAD_EXTERNAL_DTD, false);
trySet(factory::setFeature, FEATURE_EXTERNAL_ENTITIES, false);
trySet(factory::setFeature, FEATURE_DISALLOW_DOCTYPE_DECL, true);
return factory;
} catch (RuntimeException | Error re) { // NOSONAR
// this also catches NoClassDefFoundError, which may be due to a local class path issue
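Review bot: The `FEATURE_DISALLOW_DOCTYPE_DECL` line (taken to be the added one, given the commit title) goes through `trySet`, whose name suggests that a failure to set the feature is tolerated rather than propagated; its body is outside the hunk. If so, a parser that does not recognise the feature would yield a factory without the DOCTYPE ban, and the caller could not tell. Because this setting is the strongest of the four, I would make such a failure visible, at minimum with a warning that names the feature and the factory class. Every document carrying a DOCTYPE will now fail to parse, which deserves a sentence in the method's Javadoc and a why-comment above the call such as `// reject any DOCTYPE outright; the three features above stay as defence in depth`. The enclosing method and its catch block continue outside the hunk.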
