Merged revision(s) 1569991, 1615720, 1615731, 1615780-1615781, 1615893, 1589759 from poi/trunk:

Apply suggestions from Uwe Schindler for more secure xml defaults for #54764 and #56164, for xml parsers which support them
........
Add another test file for #54764, and a test that uses it
........
Change the default XMLBeans version used for running to be 2.6, leave 2.3 for compiling the schemas (for maximum compatibility)
........
Before parsing an OOXML document, reset the xmlbeans sax parser to avoid the risk of getting one in an error state (due to XMLBEANS-512). Should be a minimal extra overhead pending a proper fix. Allows us to finish enabling the unit tests for #54764
........
Correct xmlbeans 2.6 url

git-svn-id: https://svn.apache.org/repos/asf/poi/branches/REL_3_10_BRANCH@1616509 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Uwe Schindler 2014-08-07 15:25:17 +00:00
parent dfa98753ac
commit 103b45073c
17 changed files with 270 additions and 57 deletions

View File

@ -20,7 +20,7 @@
<classpathentry kind="lib" path="lib/log4j-1.2.13.jar"/> <classpathentry kind="lib" path="lib/log4j-1.2.13.jar"/>
<classpathentry kind="lib" path="ooxml-lib/dom4j-1.6.1.jar"/> <classpathentry kind="lib" path="ooxml-lib/dom4j-1.6.1.jar"/>
<classpathentry kind="lib" path="ooxml-lib/stax-api-1.0.1.jar"/> <classpathentry kind="lib" path="ooxml-lib/stax-api-1.0.1.jar"/>
<classpathentry kind="lib" path="ooxml-lib/xmlbeans-2.3.0.jar"/> <classpathentry kind="lib" path="ooxml-lib/xmlbeans-2.6.0.jar"/>
<classpathentry kind="lib" path="lib/hamcrest-core-1.3.jar"/> <classpathentry kind="lib" path="lib/hamcrest-core-1.3.jar"/>
<classpathentry kind="lib" path="lib/junit-4.11.jar"/> <classpathentry kind="lib" path="lib/junit-4.11.jar"/>
<classpathentry kind="lib" path="ooxml-lib/ooxml-schemas-1.1.jar" sourcepath="ooxml-lib/ooxml-schemas-src-1.1.jar"/> <classpathentry kind="lib" path="ooxml-lib/ooxml-schemas-1.1.jar" sourcepath="ooxml-lib/ooxml-schemas-src-1.1.jar"/>

View File

@ -146,9 +146,12 @@ under the License.
<!-- jars in the lib-ooxml directory, see the fetch-ooxml-jars target--> <!-- jars in the lib-ooxml directory, see the fetch-ooxml-jars target-->
<property name="ooxml.dom4j.jar" location="${ooxml.lib}/dom4j-1.6.1.jar"/> <property name="ooxml.dom4j.jar" location="${ooxml.lib}/dom4j-1.6.1.jar"/>
<property name="ooxml.dom4j.url" value="${repository.m2}/maven2/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/> <property name="ooxml.dom4j.url" value="${repository.m2}/maven2/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar"/>
<property name="ooxml.xmlbeans.jar" location="${ooxml.lib}/xmlbeans-2.3.0.jar"/> <property name="ooxml.xmlbeans23.jar" location="${ooxml.lib}/xmlbeans-2.3.0.jar"/>
<property name="ooxml.xmlbeans.url" <property name="ooxml.xmlbeans23.url"
value="${repository.m2}/maven2/org/apache/xmlbeans/xmlbeans/2.3.0/xmlbeans-2.3.0.jar"/> value="${repository.m2}/maven2/org/apache/xmlbeans/xmlbeans/2.3.0/xmlbeans-2.3.0.jar"/>
<property name="ooxml.xmlbeans26.jar" location="${ooxml.lib}/xmlbeans-2.6.0.jar"/>
<property name="ooxml.xmlbeans26.url"
value="${repository.m2}/maven2/org/apache/xmlbeans/xmlbeans/2.6.0/xmlbeans-2.6.0.jar"/>
<property name="ooxml.jsr173.jar" location="${ooxml.lib}/stax-api-1.0.1.jar"/> <property name="ooxml.jsr173.jar" location="${ooxml.lib}/stax-api-1.0.1.jar"/>
<property name="ooxml.jsr173.url" value="${repository.m2}/maven2/stax/stax-api/1.0.1/stax-api-1.0.1.jar"/> <property name="ooxml.jsr173.url" value="${repository.m2}/maven2/stax/stax-api/1.0.1/stax-api-1.0.1.jar"/>
@ -218,7 +221,7 @@ under the License.
<path id="ooxml.classpath"> <path id="ooxml.classpath">
<pathelement location="${ooxml.jsr173.jar}"/> <pathelement location="${ooxml.jsr173.jar}"/>
<pathelement location="${ooxml.dom4j.jar}"/> <pathelement location="${ooxml.dom4j.jar}"/>
<pathelement location="${ooxml.xmlbeans.jar}"/> <pathelement location="${ooxml.xmlbeans26.jar}"/>
<pathelement location="${ooxml.xsds.jar}"/> <pathelement location="${ooxml.xsds.jar}"/>
<path refid="main.classpath"/> <path refid="main.classpath"/>
<pathelement location="${main.output.dir}"/> <pathelement location="${main.output.dir}"/>
@ -249,7 +252,7 @@ under the License.
<path id="ooxml-lite.classpath"> <path id="ooxml-lite.classpath">
<pathelement location="${ooxml.jsr173.jar}"/> <pathelement location="${ooxml.jsr173.jar}"/>
<pathelement location="${ooxml.dom4j.jar}"/> <pathelement location="${ooxml.dom4j.jar}"/>
<pathelement location="${ooxml.xmlbeans.jar}"/> <pathelement location="${ooxml.xmlbeans26.jar}"/>
<pathelement location="build/ooxml-xsds-lite"/> <!-- instead of ooxml-xsds.jar use the filtered classes--> <pathelement location="build/ooxml-xsds-lite"/> <!-- instead of ooxml-xsds.jar use the filtered classes-->
<path refid="main.classpath"/> <path refid="main.classpath"/>
<pathelement location="${main.output.dir}"/> <pathelement location="${main.output.dir}"/>
@ -408,7 +411,8 @@ under the License.
<or> <or>
<and> <and>
<available file="${ooxml.dom4j.jar}"/> <available file="${ooxml.dom4j.jar}"/>
<available file="${ooxml.xmlbeans.jar}"/> <available file="${ooxml.xmlbeans23.jar}"/>
<available file="${ooxml.xmlbeans26.jar}"/>
<available file="${ooxml.jsr173.jar}"/> <available file="${ooxml.jsr173.jar}"/>
<available file="${ooxml.xsds.jar}"/> <available file="${ooxml.xsds.jar}"/>
</and> </and>
@ -423,13 +427,17 @@ under the License.
<param name="destfile" value="${ooxml.dom4j.jar}"/> <param name="destfile" value="${ooxml.dom4j.jar}"/>
</antcall> </antcall>
<antcall target="downloadfile"> <antcall target="downloadfile">
<param name="sourcefile" value="${ooxml.xmlbeans.url}"/> <param name="sourcefile" value="${ooxml.xmlbeans23.url}"/>
<param name="destfile" value="${ooxml.xmlbeans.jar}"/> <param name="destfile" value="${ooxml.xmlbeans23.jar}"/>
</antcall> </antcall>
<antcall target="downloadfile"> <antcall target="downloadfile">
<param name="sourcefile" value="${ooxml.jsr173.url}"/> <param name="sourcefile" value="${ooxml.jsr173.url}"/>
<param name="destfile" value="${ooxml.jsr173.jar}"/> <param name="destfile" value="${ooxml.jsr173.jar}"/>
</antcall> </antcall>
<antcall target="downloadfile">
<param name="sourcefile" value="${ooxml.xmlbeans26.url}"/>
<param name="destfile" value="${ooxml.xmlbeans26.jar}"/>
</antcall>
</target> </target>
<target name="check-ooxml-xsds"> <target name="check-ooxml-xsds">
@ -474,7 +482,7 @@ under the License.
<taskdef name="xmlbean" <taskdef name="xmlbean"
classname="org.apache.xmlbeans.impl.tool.XMLBean" classname="org.apache.xmlbeans.impl.tool.XMLBean"
classpath="${ooxml.xmlbeans.jar}:${ooxml.jsr173.jar}"/> classpath="${ooxml.xmlbeans23.jar}:${ooxml.jsr173.jar}"/>
<!-- We need a fair amount of memory to compile the xml schema, --> <!-- We need a fair amount of memory to compile the xml schema, -->
<!-- but limit it in case it goes wrong! --> <!-- but limit it in case it goes wrong! -->
@ -513,7 +521,7 @@ under the License.
description="Compiles the OOXML encryption xsd files into XmlBeans"> description="Compiles the OOXML encryption xsd files into XmlBeans">
<taskdef name="xmlbean" <taskdef name="xmlbean"
classname="org.apache.xmlbeans.impl.tool.XMLBean" classname="org.apache.xmlbeans.impl.tool.XMLBean"
classpath="${ooxml.xmlbeans.jar}:${ooxml.jsr173.jar}"/> classpath="${ooxml.xmlbeans23.jar}:${ooxml.jsr173.jar}"/>
<!-- We need a fair amount of memory to compile the xml schema, --> <!-- We need a fair amount of memory to compile the xml schema, -->
<!-- but limit it in case it goes wrong! --> <!-- but limit it in case it goes wrong! -->
@ -1255,7 +1263,7 @@ under the License.
<zipfileset dir="${ooxml.lib}" prefix="${zipdir}/ooxml-lib"> <zipfileset dir="${ooxml.lib}" prefix="${zipdir}/ooxml-lib">
<include name="dom4j-*.jar"/> <include name="dom4j-*.jar"/>
<include name="stax-api-*.jar"/> <include name="stax-api-*.jar"/>
<include name="xmlbeans-*.jar"/> <include name="xmlbeans-2.6*.jar"/>
</zipfileset> </zipfileset>
<zipfileset dir="${dist.dir}" prefix="${zipdir}"> <zipfileset dir="${dist.dir}" prefix="${zipdir}">
<patternset refid="bin.dist.jars"/> <patternset refid="bin.dist.jars"/>
@ -1284,7 +1292,7 @@ under the License.
<tarfileset dir="${ooxml.lib}" prefix="${zipdir}/ooxml-lib"> <tarfileset dir="${ooxml.lib}" prefix="${zipdir}/ooxml-lib">
<include name="dom4j-*.jar"/> <include name="dom4j-*.jar"/>
<include name="stax-api-*.jar"/> <include name="stax-api-*.jar"/>
<include name="xmlbeans-*.jar"/> <include name="xmlbeans-2.6*.jar"/>
</tarfileset> </tarfileset>
<tarfileset dir="${build.site}" prefix="${zipdir}/docs"/> <tarfileset dir="${build.site}" prefix="${zipdir}/docs"/>
<tarfileset dir="${dist.dir}" prefix="${zipdir}"> <tarfileset dir="${dist.dir}" prefix="${zipdir}">

View File

@ -62,7 +62,7 @@
<dependency> <dependency>
<groupId>org.apache.xmlbeans</groupId> <groupId>org.apache.xmlbeans</groupId>
<artifactId>xmlbeans</artifactId> <artifactId>xmlbeans</artifactId>
<version>2.3.0</version> <version>2.6.0</version>
</dependency> </dependency>
</dependencies> </dependencies>
</project> </project>

View File

@ -34,6 +34,7 @@ import org.apache.poi.openxml4j.opc.PackageRelationship;
import org.apache.poi.openxml4j.opc.PackageRelationshipCollection; import org.apache.poi.openxml4j.opc.PackageRelationshipCollection;
import org.apache.poi.poifs.common.POIFSConstants; import org.apache.poi.poifs.common.POIFSConstants;
import org.apache.poi.util.IOUtils; import org.apache.poi.util.IOUtils;
import org.apache.xmlbeans.impl.common.SystemCache;
public abstract class POIXMLDocument extends POIXMLDocumentPart{ public abstract class POIXMLDocument extends POIXMLDocumentPart{
public static final String DOCUMENT_CREATOR = "Apache POI"; public static final String DOCUMENT_CREATOR = "Apache POI";
@ -55,6 +56,11 @@ public abstract class POIXMLDocument extends POIXMLDocumentPart{
protected POIXMLDocument(OPCPackage pkg) { protected POIXMLDocument(OPCPackage pkg) {
super(pkg); super(pkg);
this.pkg = pkg; this.pkg = pkg;
// Workaround for XMLBEANS-512 - ensure that when we parse
// the file, we start with a fresh XML Parser each time,
// and avoid the risk of getting a SaxHandler that's in error
SystemCache.get().setSaxLoader(null);
} }
/** /**

View File

@ -22,10 +22,10 @@ import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.TreeMap; import java.util.TreeMap;
import org.apache.poi.util.SAXHelper;
import org.dom4j.Attribute; import org.dom4j.Attribute;
import org.dom4j.Document; import org.dom4j.Document;
import org.dom4j.Element; import org.dom4j.Element;
import org.dom4j.io.SAXReader;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException; import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.exceptions.InvalidOperationException; import org.apache.poi.openxml4j.exceptions.InvalidOperationException;
import org.apache.poi.util.POILogger; import org.apache.poi.util.POILogger;
@ -298,21 +298,19 @@ public final class PackageRelationshipCollection implements
return relationshipsByID.values().size(); return relationshipsByID.values().size();
} }
/** /**
* Parse the relationship part and add all relationship in this collection. * Parse the relationship part and add all relationship in this collection.
* *
* @param relPart * @param relPart
* The package part to parse. * The package part to parse.
* @throws InvalidFormatException * @throws InvalidFormatException
* Throws if the relationship part is invalid. * Throws if the relationship part is invalid.
*/ */
private void parseRelationshipsPart(PackagePart relPart) private void parseRelationshipsPart(PackagePart relPart)
throws InvalidFormatException { throws InvalidFormatException {
try { try {
SAXReader reader = new SAXReader(); logger.log(POILogger.DEBUG, "Parsing relationship: " + relPart.getPartName());
logger.log(POILogger.DEBUG, "Parsing relationship: " + relPart.getPartName()); Document xmlRelationshipsDoc = SAXHelper.readSAXDocument(relPart.getInputStream());
Document xmlRelationshipsDoc = reader
.read(relPart.getInputStream());
// Browse default types // Browse default types
Element root = xmlRelationshipsDoc.getRootElement(); Element root = xmlRelationshipsDoc.getRootElement();

View File

@ -23,8 +23,8 @@ import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.TreeMap;
import java.util.Map.Entry; import java.util.Map.Entry;
import java.util.TreeMap;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException; import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.exceptions.InvalidOperationException; import org.apache.poi.openxml4j.exceptions.InvalidOperationException;
@ -33,13 +33,13 @@ import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackagePart; import org.apache.poi.openxml4j.opc.PackagePart;
import org.apache.poi.openxml4j.opc.PackagePartName; import org.apache.poi.openxml4j.opc.PackagePartName;
import org.apache.poi.openxml4j.opc.PackagingURIHelper; import org.apache.poi.openxml4j.opc.PackagingURIHelper;
import org.apache.poi.util.SAXHelper;
import org.dom4j.Document; import org.dom4j.Document;
import org.dom4j.DocumentException; import org.dom4j.DocumentException;
import org.dom4j.DocumentHelper; import org.dom4j.DocumentHelper;
import org.dom4j.Element; import org.dom4j.Element;
import org.dom4j.Namespace; import org.dom4j.Namespace;
import org.dom4j.QName; import org.dom4j.QName;
import org.dom4j.io.SAXReader;
/** /**
* Manage package content types ([Content_Types].xml part). * Manage package content types ([Content_Types].xml part).
@ -373,8 +373,7 @@ public abstract class ContentTypeManager {
private void parseContentTypesFile(InputStream in) private void parseContentTypesFile(InputStream in)
throws InvalidFormatException { throws InvalidFormatException {
try { try {
SAXReader xmlReader = new SAXReader(); Document xmlContentTypetDoc = SAXHelper.readSAXDocument(in);
Document xmlContentTypetDoc = xmlReader.read(in);
// Default content types // Default content types
List defaultTypes = xmlContentTypetDoc.getRootElement().elements( List defaultTypes = xmlContentTypetDoc.getRootElement().elements(

View File

@ -23,13 +23,6 @@ import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.zip.ZipEntry; import java.util.zip.ZipEntry;
import org.dom4j.Attribute;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.Namespace;
import org.dom4j.QName;
import org.dom4j.io.SAXReader;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException; import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.opc.PackageNamespaces; import org.apache.poi.openxml4j.opc.PackageNamespaces;
import org.apache.poi.openxml4j.opc.PackagePart; import org.apache.poi.openxml4j.opc.PackagePart;
@ -38,6 +31,13 @@ import org.apache.poi.openxml4j.opc.ZipPackage;
import org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart; import org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart;
import org.apache.poi.openxml4j.opc.internal.PartUnmarshaller; import org.apache.poi.openxml4j.opc.internal.PartUnmarshaller;
import org.apache.poi.openxml4j.opc.internal.ZipHelper; import org.apache.poi.openxml4j.opc.internal.ZipHelper;
import org.apache.poi.util.SAXHelper;
import org.dom4j.Attribute;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.Namespace;
import org.dom4j.QName;
/** /**
* Package properties unmarshaller. * Package properties unmarshaller.
@ -118,10 +118,9 @@ public final class PackagePropertiesUnmarshaller implements PartUnmarshaller {
"Error while trying to get the part input stream."); "Error while trying to get the part input stream.");
} }
SAXReader xmlReader = new SAXReader();
Document xmlDoc; Document xmlDoc;
try { try {
xmlDoc = xmlReader.read(in); xmlDoc = SAXHelper.readSAXDocument(in);
/* Check OPC compliance */ /* Check OPC compliance */

View File

@ -0,0 +1,92 @@
/* ====================================================================
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
==================================================================== */
package org.apache.poi.util;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.lang.reflect.Method;
import javax.xml.XMLConstants;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
/**
* Provides handy methods for working with SAX parsers and readers
*/
public final class SAXHelper {
private static POILogger logger = POILogFactory.getLogger(SAXHelper.class);
/**
* Creates a new SAX Reader, with sensible defaults
*/
public static SAXReader getSAXReader() {
SAXReader xmlReader = new SAXReader();
xmlReader.setValidation(false);
xmlReader.setEntityResolver(new EntityResolver() {
public InputSource resolveEntity(String publicId, String systemId)
throws SAXException, IOException {
return new InputSource(new StringReader(""));
}
});
trySetSAXFeature(xmlReader, XMLConstants.FEATURE_SECURE_PROCESSING, true);
trySetXercesSecurityManager(xmlReader);
return xmlReader;
}
private static void trySetSAXFeature(SAXReader xmlReader, String feature, boolean enabled) {
try {
xmlReader.setFeature(feature, enabled);
} catch (Exception e) {
logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e);
}
}
private static void trySetXercesSecurityManager(SAXReader xmlReader) {
// Try built-in JVM one first, standalone if not
for (String securityManagerClassName : new String[] {
"com.sun.org.apache.xerces.internal.util.SecurityManager",
"org.apache.xerces.util.SecurityManager"
}) {
try {
Object mgr = Class.forName(securityManagerClassName).newInstance();
Method setLimit = mgr.getClass().getMethod("setEntityExpansionLimit", Integer.TYPE);
setLimit.invoke(mgr, 4096);
xmlReader.setProperty("http://apache.org/xml/properties/security-manager", mgr);
// Stop once one can be setup without error
return;
} catch (Exception e) {
logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e);
}
}
}
/**
* Parses the given stream via the default (sensible)
* SAX Reader
* @param inp Stream to read the XML data from
* @return the SAX processed Document
*/
public static Document readSAXDocument(InputStream inp) throws DocumentException {
return getSAXReader().read(inp);
}
}

View File

@ -20,16 +20,20 @@ package org.apache.poi.xssf.model;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.*; import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.poi.POIXMLDocumentPart;
import org.apache.poi.openxml4j.opc.PackagePart;
import org.apache.poi.openxml4j.opc.PackageRelationship;
import org.apache.xmlbeans.XmlException; import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlOptions; import org.apache.xmlbeans.XmlOptions;
import org.apache.poi.POIXMLDocumentPart;
import org.openxmlformats.schemas.spreadsheetml.x2006.main.CTRst; import org.openxmlformats.schemas.spreadsheetml.x2006.main.CTRst;
import org.openxmlformats.schemas.spreadsheetml.x2006.main.CTSst; import org.openxmlformats.schemas.spreadsheetml.x2006.main.CTSst;
import org.openxmlformats.schemas.spreadsheetml.x2006.main.SstDocument; import org.openxmlformats.schemas.spreadsheetml.x2006.main.SstDocument;
import org.apache.poi.openxml4j.opc.PackagePart;
import org.apache.poi.openxml4j.opc.PackageRelationship;
/** /**

View File

@ -17,10 +17,19 @@
package org.apache.poi.openxml4j.opc; package org.apache.poi.openxml4j.opc;
import java.io.*; import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.net.URI; import java.net.URI;
import java.util.*; import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.TreeMap;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import junit.framework.TestCase; import junit.framework.TestCase;
@ -31,15 +40,15 @@ import org.apache.poi.openxml4j.exceptions.InvalidOperationException;
import org.apache.poi.openxml4j.opc.internal.ContentTypeManager; import org.apache.poi.openxml4j.opc.internal.ContentTypeManager;
import org.apache.poi.openxml4j.opc.internal.FileHelper; import org.apache.poi.openxml4j.opc.internal.FileHelper;
import org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart; import org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart;
import org.apache.poi.util.TempFile;
import org.apache.poi.util.POILogger;
import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.apache.poi.util.SAXHelper;
import org.apache.poi.util.TempFile;
import org.dom4j.Document; import org.dom4j.Document;
import org.dom4j.DocumentHelper; import org.dom4j.DocumentHelper;
import org.dom4j.Element; import org.dom4j.Element;
import org.dom4j.Namespace; import org.dom4j.Namespace;
import org.dom4j.QName; import org.dom4j.QName;
import org.dom4j.io.SAXReader;
public final class TestPackage extends TestCase { public final class TestPackage extends TestCase {
private static final POILogger logger = POILogFactory.getLogger(TestPackage.class); private static final POILogger logger = POILogFactory.getLogger(TestPackage.class);
@ -211,9 +220,8 @@ public final class TestPackage extends TestCase {
private void assertMSCompatibility(OPCPackage pkg) throws Exception { private void assertMSCompatibility(OPCPackage pkg) throws Exception {
PackagePartName relName = PackagingURIHelper.createPartName(PackageRelationship.getContainerPartRelationship()); PackagePartName relName = PackagingURIHelper.createPartName(PackageRelationship.getContainerPartRelationship());
PackagePart relPart = pkg.getPart(relName); PackagePart relPart = pkg.getPart(relName);
SAXReader reader = new SAXReader();
Document xmlRelationshipsDoc = reader Document xmlRelationshipsDoc = SAXHelper.readSAXDocument(relPart.getInputStream());
.read(relPart.getInputStream());
Element root = xmlRelationshipsDoc.getRootElement(); Element root = xmlRelationshipsDoc.getRootElement();
for (Iterator i = root for (Iterator i = root

View File

@ -21,6 +21,7 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.text.ParsePosition; import java.text.ParsePosition;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
@ -33,8 +34,8 @@ import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.exceptions.OpenXML4JException; import org.apache.poi.openxml4j.exceptions.OpenXML4JException;
import org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart; import org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart;
import org.apache.poi.openxml4j.util.Nullable; import org.apache.poi.openxml4j.util.Nullable;
import org.apache.poi.util.POILogger;
import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
public final class TestPackageCoreProperties extends TestCase { public final class TestPackageCoreProperties extends TestCase {
private static final POILogger logger = POILogFactory.getLogger(TestPackageCoreProperties.class); private static final POILogger logger = POILogFactory.getLogger(TestPackageCoreProperties.class);
@ -197,4 +198,29 @@ public final class TestPackageCoreProperties extends TestCase {
props2.setTitleProperty("Bug 51444 fixed"); props2.setTitleProperty("Bug 51444 fixed");
} }
public void testEntitiesInCoreProps_56164() throws Exception {
InputStream is = OpenXML4JTestDataSamples.openSampleStream("CorePropertiesHasEntities.ooxml");
OPCPackage p = OPCPackage.open(is);
is.close();
// Should have 3 root relationships
boolean foundDocRel = false, foundCorePropRel = false, foundExtPropRel = false;
for (PackageRelationship pr : p.getRelationships()) {
if (pr.getRelationshipType().equals(PackageRelationshipTypes.CORE_DOCUMENT))
foundDocRel = true;
if (pr.getRelationshipType().equals(PackageRelationshipTypes.CORE_PROPERTIES))
foundCorePropRel = true;
if (pr.getRelationshipType().equals(PackageRelationshipTypes.EXTENDED_PROPERTIES))
foundExtPropRel = true;
}
assertTrue("Core/Doc Relationship not found in " + p.getRelationships(), foundDocRel);
assertTrue("Core Props Relationship not found in " + p.getRelationships(), foundCorePropRel);
assertTrue("Ext Props Relationship not found in " + p.getRelationships(), foundExtPropRel);
// Get the Core Properties
PackagePropertiesPart props = (PackagePropertiesPart)p.getPackageProperties();
// Check
assertEquals("Stefan Kopf", props.getCreatorProperty().getValue());
}
} }

View File

@ -17,15 +17,18 @@
package org.apache.poi.openxml4j.opc; package org.apache.poi.openxml4j.opc;
import java.io.*; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URI; import java.net.URI;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.apache.poi.openxml4j.OpenXML4JTestDataSamples; import org.apache.poi.openxml4j.OpenXML4JTestDataSamples;
import org.apache.poi.util.POILogger;
import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.apache.poi.xwpf.usermodel.XWPFRelation;
public class TestRelationships extends TestCase { public class TestRelationships extends TestCase {
@ -309,6 +312,7 @@ public class TestRelationships extends TestCase {
URI rel1 = parent.relativize(rId1.getTargetURI()); URI rel1 = parent.relativize(rId1.getTargetURI());
URI rel11 = PackagingURIHelper.relativizeURI(drawingPart.getPartName().getURI(), rId1.getTargetURI()); URI rel11 = PackagingURIHelper.relativizeURI(drawingPart.getPartName().getURI(), rId1.getTargetURI());
assertEquals("'Another Sheet'!A1", rel1.getFragment()); assertEquals("'Another Sheet'!A1", rel1.getFragment());
assertEquals("'Another Sheet'!A1", rel11.getFragment());
PackageRelationship rId2 = drawingPart.getRelationship("rId2"); PackageRelationship rId2 = drawingPart.getRelationship("rId2");
URI rel2 = PackagingURIHelper.relativizeURI(drawingPart.getPartName().getURI(), rId2.getTargetURI()); URI rel2 = PackagingURIHelper.relativizeURI(drawingPart.getPartName().getURI(), rId2.getTargetURI());
@ -390,6 +394,40 @@ public class TestRelationships extends TestCase {
targetUri = rId1.getTargetURI(); targetUri = rId1.getTargetURI();
assertEquals("mailto:nobody@nowhere.uk%C2%A0", targetUri.toASCIIString()); assertEquals("mailto:nobody@nowhere.uk%C2%A0", targetUri.toASCIIString());
assertEquals("nobody@nowhere.uk\u00A0", targetUri.getSchemeSpecificPart()); assertEquals("nobody@nowhere.uk\u00A0", targetUri.getSchemeSpecificPart());
}
public void testEntitiesInRels_56164() throws Exception {
InputStream is = OpenXML4JTestDataSamples.openSampleStream("PackageRelsHasEntities.ooxml");
OPCPackage p = OPCPackage.open(is);
is.close();
// Should have 3 root relationships
boolean foundDocRel = false, foundCorePropRel = false, foundExtPropRel = false;
for (PackageRelationship pr : p.getRelationships()) {
if (pr.getRelationshipType().equals(PackageRelationshipTypes.CORE_DOCUMENT))
foundDocRel = true;
if (pr.getRelationshipType().equals(PackageRelationshipTypes.CORE_PROPERTIES))
foundCorePropRel = true;
if (pr.getRelationshipType().equals(PackageRelationshipTypes.EXTENDED_PROPERTIES))
foundExtPropRel = true;
}
assertTrue("Core/Doc Relationship not found in " + p.getRelationships(), foundDocRel);
assertTrue("Core Props Relationship not found in " + p.getRelationships(), foundCorePropRel);
assertTrue("Ext Props Relationship not found in " + p.getRelationships(), foundExtPropRel);
// Should have normal work parts
boolean foundCoreProps = false, foundDocument = false;
for (PackagePart part : p.getParts()) {
if (part.getPartName().toString().equals("/docProps/core.xml")) {
assertEquals(ContentTypes.CORE_PROPERTIES_PART, part.getContentType());
foundCoreProps = true;
}
if (part.getPartName().toString().equals("/word/document.xml")) {
assertEquals(XWPFRelation.DOCUMENT.getContentType(), part.getContentType());
foundDocument = true;
}
}
assertTrue("Core not found in " + p.getParts(), foundCoreProps);
assertTrue("Document not found in " + p.getParts(), foundDocument);
} }
} }

View File

@ -32,6 +32,8 @@ import java.util.List;
import org.apache.poi.EncryptedDocumentException; import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.POIDataSamples; import org.apache.poi.POIDataSamples;
import org.apache.poi.POIXMLDocumentPart; import org.apache.poi.POIXMLDocumentPart;
import org.apache.poi.POIXMLException;
import org.apache.poi.POIXMLProperties;
import org.apache.poi.hssf.usermodel.HSSFWorkbook; import org.apache.poi.hssf.usermodel.HSSFWorkbook;
import org.apache.poi.openxml4j.opc.OPCPackage; import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackagePart; import org.apache.poi.openxml4j.opc.PackagePart;
@ -1440,4 +1442,37 @@ public final class TestXSSFBugs extends BaseTestBugzillaIssues {
fail("Should've raised a EncryptedDocumentException error"); fail("Should've raised a EncryptedDocumentException error");
} catch (EncryptedDocumentException e) {} } catch (EncryptedDocumentException e) {}
} }
@Test
public void bug54764() throws Exception {
OPCPackage pkg = XSSFTestDataSamples.openSamplePackage("54764.xlsx");
// Check the core properties - will be found but empty, due
// to the expansion being too much to be considered valid
POIXMLProperties props = new POIXMLProperties(pkg);
assertEquals(null, props.getCoreProperties().getTitle());
assertEquals(null, props.getCoreProperties().getSubject());
assertEquals(null, props.getCoreProperties().getDescription());
// Now check the spreadsheet itself
try {
new XSSFWorkbook(pkg);
fail("Should fail as too much expansion occurs");
} catch(POIXMLException e) {
// Expected
}
// Try with one with the entities in the Content Types
try {
XSSFTestDataSamples.openSamplePackage("54764-2.xlsx");
fail("Should fail as too much expansion occurs");
} catch(Exception e) {
// Expected
}
// Check we can still parse valid files after all that
Workbook wb = XSSFTestDataSamples.openSampleWorkbook("sample.xlsx");
assertEquals(3, wb.getNumberOfSheets());
}
} }

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.