moparisthebest/poi
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

[bug-62692] issue when using widlfy xml parser

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1840304 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
PJ Fanning 2018-09-07 14:57:09 +00:00
parent d45915478c
commit ff7fe79e19
2 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/ooxml/java/org/apache/poi/ooxml/util/DocumentHelper.java
View File

@ -20,6 +20,7 @@ package org.apache.poi.ooxml.util;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.util.concurrent.TimeUnit;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
@ -38,6 +39,7 @@ import org.xml.sax.SAXParseException;
public final class DocumentHelper {
private static POILogger logger = POILogFactory.getLogger(DocumentHelper.class);
private static long lastLog;
private DocumentHelper() {}
@ -102,19 +104,19 @@ public final class DocumentHelper {
//this doesn't appear to work, and we still need to limit
//entity expansions to 1 in trySetXercesSecurityManager
documentBuilderFactory.setExpandEntityReferences(false);
trySetSAXFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
trySetSAXFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_DTD_GRAMMAR, false);
trySetSAXFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_EXTERNAL_DTD, false);
trySetFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
trySetFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_DTD_GRAMMAR, false);
trySetFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_EXTERNAL_DTD, false);
trySetXercesSecurityManager(documentBuilderFactory);
}
private static void trySetSAXFeature(DocumentBuilderFactory dbf, String feature, boolean enabled) {
private static void trySetFeature(DocumentBuilderFactory dbf, String feature, boolean enabled) {
try {
dbf.setFeature(feature, enabled);
} catch (Exception e) {
logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
logger.log(POILogger.WARN, "DocumentBuilderFactory Feature unsupported", feature, e);
} catch (AbstractMethodError ame) {
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
logger.log(POILogger.WARN, "Cannot set DocumentBuilderFactory feature because outdated XML parser in classpath", feature, ame);
}
}
@ -134,13 +136,23 @@ public final class DocumentHelper {
} catch (ClassNotFoundException e) {
// continue without log, this is expected in some setups
} catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here
logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e);
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
logger.log(POILogger.WARN, "DocumentBuilderFactory Security Manager could not be setup [log suppressed for 5 minutes]", e);
lastLog = System.currentTimeMillis();
}
}
}
// separate old version of Xerces not found => use the builtin way of setting the property
// Note: when entity_expansion_limit==0, there is no limit!
dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1);
try {
dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1);
} catch (Throwable e) {
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
logger.log(POILogger.WARN, "DocumentBuilderFactory Entity Expansion Limit could not be setup [log suppressed for 5 minutes]", e);
lastLog = System.currentTimeMillis();
}
}
}
/**

1
src/ooxml/java/org/apache/poi/xwpf/usermodel/XWPFDocument.java
View File

@ -84,7 +84,6 @@ import org.openxmlformats.schemas.wordprocessingml.x2006.main.STDocProtect;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.STHdrFtr;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.STOnOff;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.StylesDocument;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.*;
/**
* <p>High(ish) level class for working with .docx files.</p>