moparisthebest
/
poi
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

[bug-62692] issue when using widlfy xml parser 

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1840304 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
PJ Fanning 2018-09-07 14:57:09 +00:00
parent d45915478c
commit ff7fe79e19
2 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/ooxml/java/org/apache/poi/ooxml/util/DocumentHelper.java
View File

@ -20,6 +20,7 @@ package org.apache.poi.ooxml.util;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.concurrent.TimeUnit;
import javax.xml.XMLConstants; import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
@ -38,6 +39,7 @@ import org.xml.sax.SAXParseException;
public final class DocumentHelper { public final class DocumentHelper {
private static POILogger logger = POILogFactory.getLogger(DocumentHelper.class); private static POILogger logger = POILogFactory.getLogger(DocumentHelper.class);
private static long lastLog;
private DocumentHelper() {} private DocumentHelper() {}
@ -102,19 +104,19 @@ public final class DocumentHelper {
//this doesn't appear to work, and we still need to limit //this doesn't appear to work, and we still need to limit
//entity expansions to 1 in trySetXercesSecurityManager //entity expansions to 1 in trySetXercesSecurityManager
documentBuilderFactory.setExpandEntityReferences(false); documentBuilderFactory.setExpandEntityReferences(false);
trySetSAXFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true); trySetFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
trySetSAXFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_DTD_GRAMMAR, false); trySetFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_DTD_GRAMMAR, false);
trySetSAXFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_EXTERNAL_DTD, false); trySetFeature(documentBuilderFactory, POIXMLConstants.FEATURE_LOAD_EXTERNAL_DTD, false);
trySetXercesSecurityManager(documentBuilderFactory); trySetXercesSecurityManager(documentBuilderFactory);
} }
private static void trySetSAXFeature(DocumentBuilderFactory dbf, String feature, boolean enabled) { private static void trySetFeature(DocumentBuilderFactory dbf, String feature, boolean enabled) {
try { try {
dbf.setFeature(feature, enabled); dbf.setFeature(feature, enabled);
} catch (Exception e) { } catch (Exception e) {
logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e); logger.log(POILogger.WARN, "DocumentBuilderFactory Feature unsupported", feature, e);
} catch (AbstractMethodError ame) { } catch (AbstractMethodError ame) {
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame); logger.log(POILogger.WARN, "Cannot set DocumentBuilderFactory feature because outdated XML parser in classpath", feature, ame);
} }
} }
@ -134,13 +136,23 @@ public final class DocumentHelper {
} catch (ClassNotFoundException e) { } catch (ClassNotFoundException e) {
// continue without log, this is expected in some setups // continue without log, this is expected in some setups
} catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here } catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here
logger.log(POILogger.WARN, "SAX Security Manager could not be setup", e); if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
logger.log(POILogger.WARN, "DocumentBuilderFactory Security Manager could not be setup [log suppressed for 5 minutes]", e);
lastLog = System.currentTimeMillis();
}
} }
} }
// separate old version of Xerces not found => use the builtin way of setting the property // separate old version of Xerces not found => use the builtin way of setting the property
// Note: when entity_expansion_limit==0, there is no limit! // Note: when entity_expansion_limit==0, there is no limit!
dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1); try {
dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1);
} catch (Throwable e) {
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
logger.log(POILogger.WARN, "DocumentBuilderFactory Entity Expansion Limit could not be setup [log suppressed for 5 minutes]", e);
lastLog = System.currentTimeMillis();
}
}
} }
/** /**

1
src/ooxml/java/org/apache/poi/xwpf/usermodel/XWPFDocument.java
View File

@ -84,7 +84,6 @@ import org.openxmlformats.schemas.wordprocessingml.x2006.main.STDocProtect;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.STHdrFtr; import org.openxmlformats.schemas.wordprocessingml.x2006.main.STHdrFtr;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.STOnOff; import org.openxmlformats.schemas.wordprocessingml.x2006.main.STOnOff;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.StylesDocument; import org.openxmlformats.schemas.wordprocessingml.x2006.main.StylesDocument;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.*;
/** /**
* <p>High(ish) level class for working with .docx files.</p> * <p>High(ish) level class for working with .docx files.</p>