aboutsummaryrefslogtreecommitdiffstats
path: root/src/java/org/apache
diff options
context:
space:
mode:
authorPJ Fanning <fanningpj@apache.org>2017-06-24 07:30:07 +0000
committerPJ Fanning <fanningpj@apache.org>2017-06-24 07:30:07 +0000
commit6df937ec6bde5aad5dbcd9cbc558cc623b24a406 (patch)
tree645f0b69eb2610f93fd74d60963794c1f8170c5b /src/java/org/apache
parent3e6d942b958744d78900efd9eb923cbbd190a73a (diff)
downloadpoi-6df937ec6bde5aad5dbcd9cbc558cc623b24a406.tar.gz
poi-6df937ec6bde5aad5dbcd9cbc558cc623b24a406.zip
Add StaxHelper to ensure that StAX parsers have sensible defaults, including settings to avoid XML Entity Expansion issues
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1799734 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'src/java/org/apache')
-rw-r--r--src/java/org/apache/poi/sl/draw/DrawSimpleShape.java3
-rw-r--r--src/java/org/apache/poi/sl/draw/geom/PresetGeometries.java3
-rw-r--r--src/java/org/apache/poi/util/StaxHelper.java52
3 files changed, 56 insertions, 2 deletions
diff --git a/src/java/org/apache/poi/sl/draw/DrawSimpleShape.java b/src/java/org/apache/poi/sl/draw/DrawSimpleShape.java
index d2e9991e1e..912cf3e7a0 100644
--- a/src/java/org/apache/poi/sl/draw/DrawSimpleShape.java
+++ b/src/java/org/apache/poi/sl/draw/DrawSimpleShape.java
@@ -53,6 +53,7 @@ import org.apache.poi.sl.usermodel.PaintStyle.SolidPaint;
import org.apache.poi.sl.usermodel.Shadow;
import org.apache.poi.sl.usermodel.SimpleShape;
import org.apache.poi.util.IOUtils;
+import org.apache.poi.util.StaxHelper;
import org.apache.poi.util.Units;
@@ -363,7 +364,7 @@ public class DrawSimpleShape extends DrawShape {
};
try {
- XMLInputFactory staxFactory = XMLInputFactory.newInstance();
+ XMLInputFactory staxFactory = StaxHelper.newXMLInputFactory();
XMLEventReader staxReader = staxFactory.createXMLEventReader(presetIS);
XMLEventReader staxFiltRd = staxFactory.createFilteredReader(staxReader, startElementFilter);
// Ignore StartElement:
diff --git a/src/java/org/apache/poi/sl/draw/geom/PresetGeometries.java b/src/java/org/apache/poi/sl/draw/geom/PresetGeometries.java
index ad2553fbe7..a188e6e255 100644
--- a/src/java/org/apache/poi/sl/draw/geom/PresetGeometries.java
+++ b/src/java/org/apache/poi/sl/draw/geom/PresetGeometries.java
@@ -37,6 +37,7 @@ import javax.xml.stream.events.XMLEvent;
import org.apache.poi.sl.draw.binding.CTCustomGeometry2D;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
+import org.apache.poi.util.StaxHelper;
/**
*
@@ -59,7 +60,7 @@ public class PresetGeometries extends LinkedHashMap<String, CustomGeometry> {
}
};
- XMLInputFactory staxFactory = XMLInputFactory.newFactory();
+ XMLInputFactory staxFactory = StaxHelper.newXMLInputFactory();
XMLEventReader staxReader = staxFactory.createXMLEventReader(is);
XMLEventReader staxFiltRd = staxFactory.createFilteredReader(staxReader, startElementFilter);
// ignore StartElement:
diff --git a/src/java/org/apache/poi/util/StaxHelper.java b/src/java/org/apache/poi/util/StaxHelper.java
new file mode 100644
index 0000000000..ae526d73b7
--- /dev/null
+++ b/src/java/org/apache/poi/util/StaxHelper.java
@@ -0,0 +1,52 @@
+/* ====================================================================
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+==================================================================== */
+
+package org.apache.poi.util;
+
+import javax.xml.stream.XMLInputFactory;
+
+
+/**
+ * Provides handy methods for working with StAX parsers and readers
+ */
+public final class StaxHelper {
+ private static final POILogger logger = POILogFactory.getLogger(StaxHelper.class);
+
+ private StaxHelper() {}
+
+ /**
+ * Creates a new StAX XMLInputFactory, with sensible defaults
+ */
+ public static XMLInputFactory newXMLInputFactory() {
+ XMLInputFactory factory = XMLInputFactory.newFactory();
+ trySetProperty(factory, XMLInputFactory.IS_NAMESPACE_AWARE, true);
+ trySetProperty(factory, XMLInputFactory.IS_VALIDATING, false);
+ trySetProperty(factory, XMLInputFactory.SUPPORT_DTD, false);
+ trySetProperty(factory, XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+ return factory;
+ }
+
+ private static void trySetProperty(XMLInputFactory factory, String feature, boolean flag) {
+ try {
+ factory.setProperty(feature, flag);
+ } catch (Exception e) {
+ logger.log(POILogger.WARN, "StAX Property unsupported", feature, e);
+ } catch (AbstractMethodError ame) {
+ logger.log(POILogger.WARN, "Cannot set StAX property because outdated StAX parser in classpath", feature, ame);
+ }
+ }
+}