0ct0pu5/fess
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix #2581 add external-*-entities

Browse source
This commit is contained in:
Shinsuke Sugaya 2021-07-10 06:00:45 +09:00
parent 259389d7d2
commit e13f0a220d
3 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/main/java/org/codelibs/fess/ds/DataStoreFactory.java
View file

@ -89,6 +89,8 @@ public class DataStoreFactory {
try (InputStream is = Files.newInputStream(xmlPath)) {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_SECURE_PROCESSING, true);
factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
factory.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
final DocumentBuilder builder = factory.newDocumentBuilder();

2
src/main/java/org/codelibs/fess/helper/PluginHelper.java
View file

@ -125,6 +125,8 @@ public class PluginHelper {
try (final InputStream is = new ByteArrayInputStream(pluginMetaContent.getBytes(Constants.UTF_8_CHARSET))) {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(Constants.FEATURE_SECURE_PROCESSING, true);
factory.setFeature(Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
factory.setFeature(Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtil.EMPTY);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtil.EMPTY);
final DocumentBuilder builder = factory.newDocumentBuilder();

2
src/main/java/org/codelibs/fess/util/GsaConfigParser.java
View file

@ -92,6 +92,8 @@ public class GsaConfigParser extends DefaultHandler {
try {
final SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_SECURE_PROCESSING, true);
factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
final SAXParser parser = factory.newSAXParser();
parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtil.EMPTY);
parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtil.EMPTY);