Discussion:
cvs commit: ws-soap/java/src/org/apache/soap/util/xml DOMUtils.java QName.java XMLParserUtils.java
s***@apache.org
2005-06-27 20:42:05 UTC
snichol 2005/06/27 13:42:05

Modified: java/src/org/apache/soap/util/xml DOMUtils.java QName.java
XMLParserUtils.java
Log:
Correctly support document builder that does not expand entities.
Make it the default to not expand entities.

Revision Changes Path
1.11 +28 -0 ws-soap/java/src/org/apache/soap/util/xml/DOMUtils.java

Index: DOMUtils.java
===================================================================
RCS file: /home/cvs/ws-soap/java/src/org/apache/soap/util/xml/DOMUtils.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- DOMUtils.java 7 Apr 2004 20:51:40 -0000 1.10
+++ DOMUtils.java 27 Jun 2005 20:42:05 -0000 1.11
@@ -97,6 +97,8 @@
case Node.TEXT_NODE :
case Node.CDATA_SECTION_NODE :
return ((CharacterData)tempNode).getData();
+ case Node.ENTITY_REFERENCE_NODE:
+ return getEntityValue(tempNode.getNodeName());
}
return "";
}
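Review bot: The `ENTITY_REFERENCE_NODE` case is added twice, once in the single-child switch here and once in the sibling loop of the next hunk, so the two switches have to be kept in step by hand. A small private helper that maps one node to its text (character data, entity value, or empty string) would let both paths share the logic. The enclosing method starts and ends outside these hunks, so this is judged from the visible lines only. A comment above the case would also help, e.g. `// Present only when the parser does not expand entities; see getEntityValue.`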
@@ -108,6 +110,9 @@
case Node.CDATA_SECTION_NODE :
strBuf.append(((CharacterData)tempNode).getData());
break;
+ case Node.ENTITY_REFERENCE_NODE:
+ strBuf.append(getEntityValue(tempNode.getNodeName()));
+ break;
}
tempNode = nextNode;
if (tempNode != null)
@@ -119,6 +124,29 @@
}

/**
+ * Returns the value for an entity, either substituting for
+ * well-known entities or returning the entity literal. We
+ * translate our own entities as protection from DOS attack
+ * when the parser expands entities.
+ *
+ * @param entityName The name of the entity.
+ * @return The entity value.
+ */
+ protected static String getEntityValue(String entityName) {
+ if (entityName.equals("lt"))
+ return "<";
+ if (entityName.equals("amp"))
+ return "&";
+ if (entityName.equals("gt"))
+ return ">";
+ if (entityName.equals("quot"))
+ return "\"";
+ if (entityName.equals("apos"))
+ return "\'";
+ return "&" + entityName + ";";
+ }
+
+ /**
* Return the first child element of the given element. Null if no
* children are found.
*
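Review bot: The fallback `return "&" + entityName + ";";` in `getEntityValue` hands any entity other than the five predefined ones back to the caller as ordinary text, and the Javadoc does not say so. A caller cannot tell that string from literal content, and one that later writes the value into XML without escaping would emit a live entity reference again. I would state this in the Javadoc, e.g. `Entities other than lt, gt, amp, quot and apos are not resolved; the literal "&name;" is returned and must be escaped before being written back into XML.` Separately, the unbraced `if` chain and the needless escape in `"\'"` (plain `"'"` is enough) are style points.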



1.11 +2 -2 ws-soap/java/src/org/apache/soap/util/xml/QName.java

Index: QName.java
===================================================================
RCS file: /home/cvs/ws-soap/java/src/org/apache/soap/util/xml/QName.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- QName.java 7 Apr 2004 20:51:40 -0000 1.10
+++ QName.java 27 Jun 2005 20:42:05 -0000 1.11
@@ -150,7 +150,7 @@
*/
public String toString()
{
- return new StringBuffer(namespaceURI.length() + 1 + localPart.length())
- .append(namespaceURI).append(':').append(localPart).toString();
+ return new StringBuffer(namespaceURI.length() + 2 + localPart.length())
+ .append('{').append(namespaceURI).append('}').append(localPart).toString();
}
}
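Review bot: `toString()` now produces `{namespaceURI}localPart` instead of `namespaceURI:localPart`, and neither the commit log nor the visible end of the Javadoc mentions the new format. The braces form is unambiguous, since namespace URIs themselves contain colons, but any caller that parses, compares or stores the old string form will see different values. I would document the format in the method's Javadoc, e.g. `Returns the name in the form {namespaceURI}localPart.`, and check callers that use the string as a key. The Javadoc starts outside the hunk.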



1.13 +2 -2 ws-soap/java/src/org/apache/soap/util/xml/XMLParserUtils.java

Index: XMLParserUtils.java
===================================================================
RCS file: /home/cvs/ws-soap/java/src/org/apache/soap/util/xml/XMLParserUtils.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- XMLParserUtils.java 24 Jun 2005 22:55:57 -0000 1.12
+++ XMLParserUtils.java 27 Jun 2005 20:42:05 -0000 1.13
@@ -47,7 +47,7 @@

static {
// Create a default instance.
- refreshDocumentBuilderFactory(null, true, false, true);
+ refreshDocumentBuilderFactory(null, true, false, false);
}

/**
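Review bot: Passing `false` for entity expansion in the static initializer (and in the three-argument overload in the next hunk) changes how entity references appear in the DOM, but it may not stop the parser from reading a DOCTYPE and processing its entity declarations. That depends on the parser implementation and on what `refreshDocumentBuilderFactory` configures, which is outside these hunks. If the aim is protection against entity-expansion denial of service, the `DocumentBuilderFactory` should also refuse a DOCTYPE outright where the parser supports it, e.g. `setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`, guarded for parsers that lack the feature. The comment `// Create a default instance.` could also say that the default no longer expands entities, because existing callers of the three-argument overload get the new behaviour silently.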
@@ -77,7 +77,7 @@
refreshDocumentBuilderFactory(factoryClassName,
namespaceAware,
validating,
- true);
+ false);
}

/**
