From e637f39e1221fc6fc4ea544c4c9f23bd73ca9965 Mon Sep 17 00:00:00 2001
From: cantor
Date: Wed, 12 Dec 2007 02:18:45 +0000
Subject: [PATCH] Install SecurityManager to block entity expansion.
git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@447 de75baf8-a10c-0410-a50a-987c0e22f00f
---
 xmltooling/util/ParserPool.cpp | 4 +++-
 xmltooling/util/ParserPool.h | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/xmltooling/util/ParserPool.cpp b/xmltooling/util/ParserPool.cpp
index 693cef4..b2bc5b8 100644
--- a/xmltooling/util/ParserPool.cpp
+++ b/xmltooling/util/ParserPool.cpp
@@ -43,7 +43,7 @@ using namespace xmltooling;
 using namespace std;
 ParserPool::ParserPool(bool namespaceAware, bool schemaAware)
- : m_namespaceAware(namespaceAware), m_schemaAware(schemaAware), m_lock(Mutex::create()) {}
+ : m_namespaceAware(namespaceAware), m_schemaAware(schemaAware), m_lock(Mutex::create()), m_security(new SecurityManager()) {}
 ParserPool::~ParserPool()
 {
@@ -52,6 +52,7 @@ ParserPool::~ParserPool()
 m_pool.pop();
 }
 delete m_lock;
+ delete m_security;
 }
 DOMDocument* ParserPool::newDocument()
@@ -320,6 +321,7 @@ DOMBuilder* ParserPool::createBuilder()
 parser->setProperty(XMLUni::fgXercesSchemaExternalSchemaLocation,const_cast(temp.get()));
 #endif
 }
+ parser->setProperty(XMLUni::fgXercesSecurityManager, m_security);
 parser->setFeature(XMLUni::fgXercesUserAdoptsDOMDocument,true);
 parser->setEntityResolver(this);
 parser->setErrorHandler(this);
diff --git a/xmltooling/util/ParserPool.h b/xmltooling/util/ParserPool.h
index ebc7bf1..3dcdde6 100644
--- a/xmltooling/util/ParserPool.h
+++ b/xmltooling/util/ParserPool.h
@@ -32,6 +32,7 @@
 #include
 #include
 #include
+#include
 #if defined (_MSC_VER)
 #pragma warning( push )
@@ -130,6 +131,7 @@ namespace xmltooling {
 bool m_namespaceAware,m_schemaAware;
 std::stack m_pool;
 Mutex* m_lock;
+ xercesc::SecurityManager* m_security;
 };
 /**
--
2.1.4
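Review bot: `m_security(new SecurityManager())` in the constructor's initializer list adds a second raw owning pointer after `m_lock(Mutex::create())`; if this allocation throws, the destructor never runs and the Mutex created just before it is leaked. Holding the manager by value would remove both the `new` here and the `delete m_security;` in the destructor hunk: declare `xercesc::SecurityManager m_security;` in ParserPool.h and pass `&m_security` at the setProperty call. Every builder configured in createBuilder keeps this pointer, so a builder that is still checked out when the pool is destroyed would presumably be left pointing at a freed manager. The member declaration in the header hunk should say so, e.g. `// shared by every builder from this pool; must outlive them`.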
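Review bot: The default-constructed SecurityManager installed by the new `parser->setProperty(XMLUni::fgXercesSecurityManager, m_security);` line only caps the number of entity expansions at the library's built-in limit; it does not disable DTD processing or external entity retrieval, so the commit title's "block entity expansion" overstates what this line provides. If a tighter bound is intended, set it explicitly where the manager is created, e.g. `m_security->setEntityExpansionLimit(limit);` with the chosen value documented. A comment on the setProperty line such as `// bounds entity expansion (billion-laughs style inputs); external entities are governed by the resolver below` would also help. Whether external entities are refused depends on the resolver installed by `parser->setEntityResolver(this)`, whose implementation is not visible in this hunk. createBuilder's body starts and ends outside the hunk.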