We use cookies to ensure you get the best experience on our website
Accueil Explorer Aide
S'inscrire Connexion
0ct0pu5
/
fess
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

fix #2581 add external-*-entities

Shinsuke Sugaya il y a 4 ans
Parent
259389d7d2
commit
e13f0a220d
3 fichiers modifiés avec 6 ajouts et 0 suppressions
Vue séparée Afficher les stats Diff
  1. 2 0
      src/main/java/org/codelibs/fess/ds/DataStoreFactory.java
  2. 2 0
      src/main/java/org/codelibs/fess/helper/PluginHelper.java
  3. 2 0
      src/main/java/org/codelibs/fess/util/GsaConfigParser.java

+ 2 - 0
src/main/java/org/codelibs/fess/ds/DataStoreFactory.java
Voir le fichier 

@@ -89,6 +89,8 @@ public class DataStoreFactory {
 
                 try (InputStream is = Files.newInputStream(xmlPath)) {
 
                     final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 
                     factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_SECURE_PROCESSING, true);
 
+                    factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
 
+                    factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
 
                     factory.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
 
                     final DocumentBuilder builder = factory.newDocumentBuilder();

+ 2 - 0
src/main/java/org/codelibs/fess/helper/PluginHelper.java
Voir le fichier 

@@ -125,6 +125,8 @@ public class PluginHelper {
 
             try (final InputStream is = new ByteArrayInputStream(pluginMetaContent.getBytes(Constants.UTF_8_CHARSET))) {
 
                 final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 
                 factory.setFeature(Constants.FEATURE_SECURE_PROCESSING, true);
 
+                factory.setFeature(Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
 
+                factory.setFeature(Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
 
                 factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtil.EMPTY);
 
                 factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtil.EMPTY);
 
                 final DocumentBuilder builder = factory.newDocumentBuilder();

+ 2 - 0
src/main/java/org/codelibs/fess/util/GsaConfigParser.java
Voir le fichier 

@@ -92,6 +92,8 @@ public class GsaConfigParser extends DefaultHandler {
 
         try {
 
             final SAXParserFactory factory = SAXParserFactory.newInstance();
 
             factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_SECURE_PROCESSING, true);
 
+            factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
 
+            factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
 
             final SAXParser parser = factory.newSAXParser();
 
             parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtil.EMPTY);
 
             parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtil.EMPTY);

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5