mirror of https://github.com/apache/poi.git
Add Dominik's suggestion to DocumentBuilderFactories. I also removed the setXIncludeAware(false) in XMLHelper, because it causes the same problem and is disabled by default.
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1618644 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
70f4e1d885
commit
b89e0499d3
|
@ -19,7 +19,6 @@ package org.apache.poi.util;
|
|||
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
|
||||
/**
|
||||
* Helper methods for working with javax.xml classes.
|
||||
|
@ -27,22 +26,31 @@ import javax.xml.parsers.ParserConfigurationException;
|
|||
*/
|
||||
public final class XMLHelper
|
||||
{
|
||||
private static POILogger logger = POILogFactory.getLogger(XMLHelper.class);
|
||||
|
||||
/**
|
||||
* Creates a new DocumentBuilderFactory, with sensible defaults
|
||||
*/
|
||||
public static DocumentBuilderFactory getDocumentBuilderFactory() {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
factory.setExpandEntityReferences(false);
|
||||
trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false);
|
||||
trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false);
|
||||
trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||
trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
|
||||
return factory;
|
||||
}
|
||||
|
||||
private static void trySetSAXFeature(DocumentBuilderFactory documentBuilderFactory, String feature, boolean enabled) {
|
||||
try {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
factory.setXIncludeAware(false);
|
||||
factory.setExpandEntityReferences(false);
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
|
||||
return factory;
|
||||
} catch (ParserConfigurationException e) {
|
||||
throw new RuntimeException("Broken XML Setup", e);
|
||||
documentBuilderFactory.setFeature(feature, enabled);
|
||||
} catch (Exception e) {
|
||||
logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
|
||||
} catch (AbstractMethodError ame) {
|
||||
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -61,9 +61,12 @@ public final class DocumentHelper {
|
|||
try {
|
||||
documentBuilderFactory.setFeature(feature, enabled);
|
||||
} catch (Exception e) {
|
||||
logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e);
|
||||
logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
|
||||
} catch (AbstractMethodError ame) {
|
||||
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
|
||||
}
|
||||
}
|
||||
|
||||
private static void trySetXercesSecurityManager(DocumentBuilderFactory documentBuilderFactory) {
|
||||
// Try built-in JVM one first, standalone if not
|
||||
for (String securityManagerClassName : new String[] {
|
||||
|
@ -78,7 +81,7 @@ public final class DocumentHelper {
|
|||
// Stop once one can be setup without error
|
||||
return;
|
||||
} catch (Exception e) {
|
||||
logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e);
|
||||
logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -69,7 +69,9 @@ public final class SAXHelper {
|
|||
try {
|
||||
xmlReader.setFeature(feature, enabled);
|
||||
} catch (Exception e) {
|
||||
logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e);
|
||||
logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
|
||||
} catch (AbstractMethodError ame) {
|
||||
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -87,7 +89,7 @@ public final class SAXHelper {
|
|||
// Stop once one can be setup without error
|
||||
return;
|
||||
} catch (Exception e) {
|
||||
logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e);
|
||||
logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue