Permalink
Browse files

Took out warnings on external entities blocking.

Now it blocks silently. Also cleaned up some docs.
  • Loading branch information...
1 parent ed371c5 commit 2c63eeb48fb59087c9768e7be32e064a9b012982 @rjray committed Jun 26, 2011
Showing with 25 additions and 24 deletions.
  1. +13 −13 lib/RPC/XML/Parser/XMLLibXML.pm
  2. +12 −11 lib/RPC/XML/Parser/XMLParser.pm
@@ -42,7 +42,7 @@ use base 'RPC::XML::Parser';
use Scalar::Util 'reftype';
use XML::LibXML;
-$VERSION = '1.14';
+$VERSION = '1.15';
$VERSION = eval $VERSION; ## no critic (ProhibitStringyEval)
# This is to identify valid types that don't already have special handling
@@ -103,15 +103,8 @@ sub parse
$callbacks->register_callbacks([
sub {
my ($uri) = @_;
- if ($uri =~ m{^file:/})
- {
- warn "External entities disabled.\n";
- return 1;
- }
- else
- {
- return 0;
- }
+
+ return ($uri =~ m{^file:/}) ? 1 : 0;
},
sub {},
sub {},
@@ -683,9 +676,16 @@ is not a push-parser, an exception is thrown.
=head1 DIAGNOSTICS
-All methods return some type of reference on success, or an error string on
-failure. Non-reference return values should always be interpreted as errors,
-except in the case of C<simple_request>.
+All methods return some type of reference on success. The B<new> and B<parse>
+methods return an error string on failure. The B<parse_more> and B<parse_done>
+methods may throw exceptions, if the underlying B<XML::LibXML> parser
+encounters a fatal error.
+
+=head1 EXTERNAL ENTITIES
+
+As of version 1.15 of this module (version 0.75 of the B<RPC::XML> suite),
+external entities whose URI is a C<file:/> scheme (local file) are explicitly
+ignored. This is for security purposes.
=head1 BUGS
@@ -98,7 +98,7 @@ use XML::Parser;
require RPC::XML;
-$VERSION = '1.23';
+$VERSION = '1.24';
$VERSION = eval $VERSION; ## no critic (ProhibitStringyEval)
###############################################################################
@@ -670,15 +670,9 @@ sub char_data
}
# At some future point, this may be expanded to provide more entities than
-# just the four basic XML ones.
+# just the basic XML ones.
sub extern_ent
{
- my $robj = shift;
-
- local $" = ', ';
- warn ref($robj) . '::extern_ent: Attempt to reference external entity ' .
- "(@_)\n";
-
return q{};
}
@@ -760,9 +754,16 @@ is not a push-parser, an exception is thrown.
=head1 DIAGNOSTICS
-All methods return some type of reference on success, or an error string on
-failure. Non-reference return values should always be interpreted as errors,
-except in the case of C<simple_request>.
+All methods return some type of reference on success. The B<new> and B<parse>
+methods return message strings on errors. The B<parse_more> and B<parse_done>
+methods may throw exceptions on errors, if the error occurs at the
+B<XML::Parser> level.
+
+=head1 EXTERNAL ENTITIES
+
+As of version 1.24 of this module (version 0.75 of the B<RPC::XML> suite),
+external entities whose URI is a C<file:/> scheme (local file) are explicitly
+ignored. This is for security purposes.
=head1 BUGS

0 comments on commit 2c63eeb

Please sign in to comment.