moparisthebest/poi
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Add Dominik's suggestion to DocumentBuilderFactories. I also removed the setXIncludeAware(false) in XMLHelper, because it causes the same problem and is disabled by default.

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1618644 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Uwe Schindler 2014-08-18 16:01:35 +00:00
parent 36314b3995
commit 5a933a3496
3 changed files with 29 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/java/org/apache/poi/util/XMLHelper.java
View File

@ -19,7 +19,6 @@ package org.apache.poi.util;
import javax.xml.XMLConstants; import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
/** /**
* Helper methods for working with javax.xml classes. * Helper methods for working with javax.xml classes.
@ -27,22 +26,31 @@ import javax.xml.parsers.ParserConfigurationException;
*/ */
public final class XMLHelper public final class XMLHelper
{ {
private static POILogger logger = POILogFactory.getLogger(XMLHelper.class);
/** /**
* Creates a new DocumentBuilderFactory, with sensible defaults * Creates a new DocumentBuilderFactory, with sensible defaults
*/ */
public static DocumentBuilderFactory getDocumentBuilderFactory() { public static DocumentBuilderFactory getDocumentBuilderFactory() {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setExpandEntityReferences(false);
trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false);
trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false);
trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
return factory;
}
private static void trySetSAXFeature(DocumentBuilderFactory documentBuilderFactory, String feature, boolean enabled) {
try { try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setFeature(feature, enabled);
factory.setXIncludeAware(false); } catch (Exception e) {
factory.setExpandEntityReferences(false); logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); } catch (AbstractMethodError ame) {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false); logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
return factory;
} catch (ParserConfigurationException e) {
throw new RuntimeException("Broken XML Setup", e);
} }
} }
} }

7
src/ooxml/java/org/apache/poi/util/DocumentHelper.java
View File

@ -61,9 +61,12 @@ public final class DocumentHelper {
try { try {
documentBuilderFactory.setFeature(feature, enabled); documentBuilderFactory.setFeature(feature, enabled);
} catch (Exception e) { } catch (Exception e) {
logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e); logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
} catch (AbstractMethodError ame) {
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
} }
} }
private static void trySetXercesSecurityManager(DocumentBuilderFactory documentBuilderFactory) { private static void trySetXercesSecurityManager(DocumentBuilderFactory documentBuilderFactory) {
// Try built-in JVM one first, standalone if not // Try built-in JVM one first, standalone if not
for (String securityManagerClassName : new String[] { for (String securityManagerClassName : new String[] {
@ -78,7 +81,7 @@ public final class DocumentHelper {
// Stop once one can be setup without error // Stop once one can be setup without error
return; return;
} catch (Exception e) { } catch (Exception e) {
logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e); logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e);
} }
} }
} }

6
src/ooxml/java/org/apache/poi/util/SAXHelper.java
View File

@ -69,7 +69,9 @@ public final class SAXHelper {
try { try {
xmlReader.setFeature(feature, enabled); xmlReader.setFeature(feature, enabled);
} catch (Exception e) { } catch (Exception e) {
logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e); logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
} catch (AbstractMethodError ame) {
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
} }
} }
@ -87,7 +89,7 @@ public final class SAXHelper {
// Stop once one can be setup without error // Stop once one can be setup without error
return; return;
} catch (Exception e) { } catch (Exception e) {
logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e); logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e);
} }
} }
} }