Browse Source
[bug-62692] issue when using widlfy xml parser
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1840304 13f79535-47bb-0310-9956-ffa450edef68pull/124/merge
PJ Fanning
5 years ago
2 changed files with 20 additions and 9 deletions
+ 20
- 8
src/ooxml/java/org/apache/poi/ooxml/util/DocumentHelper.java
View File
| @@ -20,6 +20,7 @@ package org.apache.poi.ooxml.util; | |||
| import java.io.IOException; | |||
| import java.io.InputStream; | |||
| import java.lang.reflect.Method; | |||
| import java.util.concurrent.TimeUnit; | |||
| import javax.xml.XMLConstants; | |||
| import javax.xml.parsers.DocumentBuilder; | |||
| @@ -38,6 +39,7 @@ import org.xml.sax.SAXParseException; | |||
| public final class DocumentHelper { | |||
| private static POILogger logger = POILogFactory.getLogger(DocumentHelper.class); | |||
| private static long lastLog; | |||
| private DocumentHelper() {} | |||
| @@ -102,19 +104,19 @@ public final class DocumentHelper { | |||
| //this doesn't appear to work, and we still need to limit | |||
| //entity expansions to 1 in trySetXercesSecurityManager | |||
| documentBuilderFactory.setExpandEntityReferences(false); | |||
| trySetSAXFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true); | |||
| trySetSAXFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_DTD_GRAMMAR, false); | |||
| trySetSAXFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_EXTERNAL_DTD, false); | |||
| trySetFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true); | |||
| trySetFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_DTD_GRAMMAR, false); | |||
| trySetFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_EXTERNAL_DTD, false); | |||
| trySetXercesSecurityManager(documentBuilderFactory); | |||
| } | |||
| private static void trySetSAXFeature(DocumentBuilderFactory dbf, String feature, boolean enabled) { | |||
| private static void trySetFeature(DocumentBuilderFactory dbf, String feature, boolean enabled) { | |||
| try { | |||
| dbf.setFeature(feature, enabled); | |||
| } catch (Exception e) { | |||
| logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e); | |||
| logger.log(POILogger.WARN, "DocumentBuilderFactory Feature unsupported", feature, e); | |||
| } catch (AbstractMethodError ame) { | |||
| logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame); | |||
| logger.log(POILogger.WARN, "Cannot set DocumentBuilderFactory feature because outdated XML parser in classpath", feature, ame); | |||
| } | |||
| } | |||
| @@ -134,13 +136,23 @@ public final class DocumentHelper { | |||
| } catch (ClassNotFoundException e) { | |||
| // continue without log, this is expected in some setups | |||
| } catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here | |||
| logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e); | |||
| if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) { | |||
| logger.log(POILogger.WARN, "DocumentBuilderFactory Security Manager could not be setup [log suppressed for 5 minutes]", e); | |||
| lastLog = System.currentTimeMillis(); | |||
| } | |||
| } | |||
| } | |||
| // separate old version of Xerces not found => use the builtin way of setting the property | |||
| // Note: when entity_expansion_limit==0, there is no limit! | |||
| dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1); | |||
| try { | |||
| dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1); | |||
| } catch (Throwable e) { | |||
| if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) { | |||
| logger.log(POILogger.WARN, "DocumentBuilderFactory Entity Expansion Limit could not be setup [log suppressed for 5 minutes]", e); | |||
| lastLog = System.currentTimeMillis(); | |||
| } | |||
| } | |||
| } | |||
| /** | |||
+ 0
- 1
src/ooxml/java/org/apache/poi/xwpf/usermodel/XWPFDocument.java
View File
| @@ -84,7 +84,6 @@ import org.openxmlformats.schemas.wordprocessingml.x2006.main.STDocProtect; | |||
| import org.openxmlformats.schemas.wordprocessingml.x2006.main.STHdrFtr; | |||
| import org.openxmlformats.schemas.wordprocessingml.x2006.main.STOnOff; | |||
| import org.openxmlformats.schemas.wordprocessingml.x2006.main.StylesDocument; | |||
| import org.openxmlformats.schemas.wordprocessingml.x2006.main.*; | |||
| /** | |||
| * <p>High(ish) level class for working with .docx files.</p> | |||
Loading…