0ct0pu5/fess
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

set load-external-dtd to false

Browse source
This commit is contained in:
igarashi 2020-03-03 15:23:02 +09:00
parent d5458fa95e
commit 63a93a6a0f
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/main/java/org/codelibs/fess/ds/DataStoreFactory.java
View file

@ -35,6 +35,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.xerces.impl.Constants;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.helper.PluginHelper;
import org.codelibs.fess.util.ResourceUtil;
@ -87,6 +88,7 @@ public class DataStoreFactory {
try (InputStream is = Files.newInputStream(xmlPath)) {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
factory.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
final DocumentBuilder builder = factory.newDocumentBuilder();
final Document doc = builder.parse(is);