[bug-62692] issue when using widlfy xml parser
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1840304 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
d45915478c
commit
ff7fe79e19
@ -20,6 +20,7 @@ package org.apache.poi.ooxml.util;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import javax.xml.XMLConstants;
|
import javax.xml.XMLConstants;
|
||||||
import javax.xml.parsers.DocumentBuilder;
|
import javax.xml.parsers.DocumentBuilder;
|
||||||
@ -38,6 +39,7 @@ import org.xml.sax.SAXParseException;
|
|||||||
|
|
||||||
public final class DocumentHelper {
|
public final class DocumentHelper {
|
||||||
private static POILogger logger = POILogFactory.getLogger(DocumentHelper.class);
|
private static POILogger logger = POILogFactory.getLogger(DocumentHelper.class);
|
||||||
|
private static long lastLog;
|
||||||
|
|
||||||
private DocumentHelper() {}
|
private DocumentHelper() {}
|
||||||
|
|
||||||
@ -102,19 +104,19 @@ public final class DocumentHelper {
|
|||||||
//this doesn't appear to work, and we still need to limit
|
//this doesn't appear to work, and we still need to limit
|
||||||
//entity expansions to 1 in trySetXercesSecurityManager
|
//entity expansions to 1 in trySetXercesSecurityManager
|
||||||
documentBuilderFactory.setExpandEntityReferences(false);
|
documentBuilderFactory.setExpandEntityReferences(false);
|
||||||
trySetSAXFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
trySetFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||||
trySetSAXFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_DTD_GRAMMAR, false);
|
trySetFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_DTD_GRAMMAR, false);
|
||||||
trySetSAXFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_EXTERNAL_DTD, false);
|
trySetFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_EXTERNAL_DTD, false);
|
||||||
trySetXercesSecurityManager(documentBuilderFactory);
|
trySetXercesSecurityManager(documentBuilderFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void trySetSAXFeature(DocumentBuilderFactory dbf, String feature, boolean enabled) {
|
private static void trySetFeature(DocumentBuilderFactory dbf, String feature, boolean enabled) {
|
||||||
try {
|
try {
|
||||||
dbf.setFeature(feature, enabled);
|
dbf.setFeature(feature, enabled);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
|
logger.log(POILogger.WARN, "DocumentBuilderFactory Feature unsupported", feature, e);
|
||||||
} catch (AbstractMethodError ame) {
|
} catch (AbstractMethodError ame) {
|
||||||
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
|
logger.log(POILogger.WARN, "Cannot set DocumentBuilderFactory feature because outdated XML parser in classpath", feature, ame);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -134,13 +136,23 @@ public final class DocumentHelper {
|
|||||||
} catch (ClassNotFoundException e) {
|
} catch (ClassNotFoundException e) {
|
||||||
// continue without log, this is expected in some setups
|
// continue without log, this is expected in some setups
|
||||||
} catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here
|
} catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here
|
||||||
logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e);
|
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
|
||||||
|
logger.log(POILogger.WARN, "DocumentBuilderFactory Security Manager could not be setup [log suppressed for 5 minutes]", e);
|
||||||
|
lastLog = System.currentTimeMillis();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// separate old version of Xerces not found => use the builtin way of setting the property
|
// separate old version of Xerces not found => use the builtin way of setting the property
|
||||||
// Note: when entity_expansion_limit==0, there is no limit!
|
// Note: when entity_expansion_limit==0, there is no limit!
|
||||||
dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1);
|
try {
|
||||||
|
dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1);
|
||||||
|
} catch (Throwable e) {
|
||||||
|
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
|
||||||
|
logger.log(POILogger.WARN, "DocumentBuilderFactory Entity Expansion Limit could not be setup [log suppressed for 5 minutes]", e);
|
||||||
|
lastLog = System.currentTimeMillis();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -84,7 +84,6 @@ import org.openxmlformats.schemas.wordprocessingml.x2006.main.STDocProtect;
|
|||||||
import org.openxmlformats.schemas.wordprocessingml.x2006.main.STHdrFtr;
|
import org.openxmlformats.schemas.wordprocessingml.x2006.main.STHdrFtr;
|
||||||
import org.openxmlformats.schemas.wordprocessingml.x2006.main.STOnOff;
|
import org.openxmlformats.schemas.wordprocessingml.x2006.main.STOnOff;
|
||||||
import org.openxmlformats.schemas.wordprocessingml.x2006.main.StylesDocument;
|
import org.openxmlformats.schemas.wordprocessingml.x2006.main.StylesDocument;
|
||||||
import org.openxmlformats.schemas.wordprocessingml.x2006.main.*;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>High(ish) level class for working with .docx files.</p>
|
* <p>High(ish) level class for working with .docx files.</p>
|
||||||
|
Loading…
Reference in New Issue
Block a user