From: cantor Date: Wed, 12 Dec 2007 02:18:45 +0000 (+0000) Subject: Install SecurityManager to block entity expansion. X-Git-Tag: 1.4.1~380 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fxmltooling.git;a=commitdiff_plain;h=e637f39e1221fc6fc4ea544c4c9f23bd73ca9965 Install SecurityManager to block entity expansion. git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@447 de75baf8-a10c-0410-a50a-987c0e22f00f --- diff --git a/xmltooling/util/ParserPool.cpp b/xmltooling/util/ParserPool.cpp index 693cef4..b2bc5b8 100644 --- a/xmltooling/util/ParserPool.cpp +++ b/xmltooling/util/ParserPool.cpp @@ -43,7 +43,7 @@ using namespace xmltooling; using namespace std; ParserPool::ParserPool(bool namespaceAware, bool schemaAware) - : m_namespaceAware(namespaceAware), m_schemaAware(schemaAware), m_lock(Mutex::create()) {} + : m_namespaceAware(namespaceAware), m_schemaAware(schemaAware), m_lock(Mutex::create()), m_security(new SecurityManager()) {} ParserPool::~ParserPool() { @@ -52,6 +52,7 @@ ParserPool::~ParserPool() m_pool.pop(); } delete m_lock; + delete m_security; } DOMDocument* ParserPool::newDocument() @@ -320,6 +321,7 @@ DOMBuilder* ParserPool::createBuilder() parser->setProperty(XMLUni::fgXercesSchemaExternalSchemaLocation,const_cast(temp.get())); #endif } + parser->setProperty(XMLUni::fgXercesSecurityManager, m_security); parser->setFeature(XMLUni::fgXercesUserAdoptsDOMDocument,true); parser->setEntityResolver(this); parser->setErrorHandler(this); diff --git a/xmltooling/util/ParserPool.h b/xmltooling/util/ParserPool.h index ebc7bf1..3dcdde6 100644 --- a/xmltooling/util/ParserPool.h +++ b/xmltooling/util/ParserPool.h @@ -32,6 +32,7 @@ #include #include #include +#include #if defined (_MSC_VER) #pragma warning( push ) @@ -130,6 +131,7 @@ namespace xmltooling { bool m_namespaceAware,m_schemaAware; std::stack m_pool; Mutex* m_lock; + xercesc::SecurityManager* m_security; }; /**