From 5a933a349649d1de16612aa00f6098eddd642b5b Mon Sep 17 00:00:00 2001 From: Uwe Schindler Date: Mon, 18 Aug 2014 16:01:35 +0000 Subject: [PATCH] Add Dominik's suggestion to DocumentBuilderFactories. I also removed the setXIncludeAware(false) in XMLHelper, because it causes the same problem and is disabled by default. git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1618644 13f79535-47bb-0310-9956-ffa450edef68 --- src/java/org/apache/poi/util/XMLHelper.java | 32 ++++++++++++------- .../org/apache/poi/util/DocumentHelper.java | 7 ++-- .../java/org/apache/poi/util/SAXHelper.java | 6 ++-- 3 files changed, 29 insertions(+), 16 deletions(-) diff --git a/src/java/org/apache/poi/util/XMLHelper.java b/src/java/org/apache/poi/util/XMLHelper.java index f2da60776..3e97cee0b 100644 --- a/src/java/org/apache/poi/util/XMLHelper.java +++ b/src/java/org/apache/poi/util/XMLHelper.java @@ -19,7 +19,6 @@ package org.apache.poi.util; import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; /** * Helper methods for working with javax.xml classes. @@ -27,22 +26,31 @@ import javax.xml.parsers.ParserConfigurationException; */ public final class XMLHelper { + private static POILogger logger = POILogFactory.getLogger(XMLHelper.class); + /** * Creates a new DocumentBuilderFactory, with sensible defaults */ public static DocumentBuilderFactory getDocumentBuilderFactory() { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setExpandEntityReferences(false); + trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true); + trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false); + trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false); + trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); + return factory; + } + + private static void trySetSAXFeature(DocumentBuilderFactory documentBuilderFactory, String feature, boolean enabled) { try { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setXIncludeAware(false); - factory.setExpandEntityReferences(false); - factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - factory.setFeature("http://xml.org/sax/features/external-general-entities", false); - factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); - factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); - return factory; - } catch (ParserConfigurationException e) { - throw new RuntimeException("Broken XML Setup", e); + documentBuilderFactory.setFeature(feature, enabled); + } catch (Exception e) { + logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e); + } catch (AbstractMethodError ame) { + logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame); } } + + } diff --git a/src/ooxml/java/org/apache/poi/util/DocumentHelper.java b/src/ooxml/java/org/apache/poi/util/DocumentHelper.java index 9ff6e7fb0..0c18b5d00 100644 --- a/src/ooxml/java/org/apache/poi/util/DocumentHelper.java +++ b/src/ooxml/java/org/apache/poi/util/DocumentHelper.java @@ -61,9 +61,12 @@ public final class DocumentHelper { try { documentBuilderFactory.setFeature(feature, enabled); } catch (Exception e) { - logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e); + logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e); + } catch (AbstractMethodError ame) { + logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame); } } + private static void trySetXercesSecurityManager(DocumentBuilderFactory documentBuilderFactory) { // Try built-in JVM one first, standalone if not for (String securityManagerClassName : new String[] { @@ -78,7 +81,7 @@ public final class DocumentHelper { // Stop once one can be setup without error return; } catch (Exception e) { - logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e); + logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e); } } } diff --git a/src/ooxml/java/org/apache/poi/util/SAXHelper.java b/src/ooxml/java/org/apache/poi/util/SAXHelper.java index bbc58e513..d4d016cb3 100644 --- a/src/ooxml/java/org/apache/poi/util/SAXHelper.java +++ b/src/ooxml/java/org/apache/poi/util/SAXHelper.java @@ -69,7 +69,9 @@ public final class SAXHelper { try { xmlReader.setFeature(feature, enabled); } catch (Exception e) { - logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e); + logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e); + } catch (AbstractMethodError ame) { + logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame); } } @@ -87,7 +89,7 @@ public final class SAXHelper { // Stop once one can be setup without error return; } catch (Exception e) { - logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e); + logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e); } } }