Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

https://issues.jboss.org/browse/WFK2-375 enhanced fix

git-svn-id: https://svn.jboss.org/repos/seam/branches/enterprise/WFK-2_1@15651 a9c07ecc-ef43-0410-a306-c911db474e88
commit 090aa6252affc978a96c388e3fc2c1c2688d9bb5 1 parent b1d1454
manaRH authored mareknovotny committed
View
3  jboss-seam-remoting/src/main/java/org/jboss/seam/remoting/ExecutionHandler.java
@@ -21,6 +21,7 @@
import org.jboss.seam.log.Logging;
import org.jboss.seam.remoting.wrapper.Wrapper;
import org.jboss.seam.servlet.ContextualHttpServletRequest;
+import org.jboss.seam.util.XML;
/**
* Unmarshals the calls from an HttpServletRequest, executes them in order and
@@ -67,7 +68,7 @@ public void handle(HttpServletRequest request, final HttpServletResponse respons
log.debug("Processing remote request: " + requestData);
// Parse the incoming request as XML
- SAXReader xmlReader = new SAXReader();
+ SAXReader xmlReader = XML.getSafeSaxReader();
Document doc = xmlReader.read( new StringReader(requestData) );
final Element env = doc.getRootElement();
final RequestContext ctx = unmarshalContext(env);
View
12 jboss-seam-remoting/src/main/java/org/jboss/seam/remoting/InterfaceGenerator.java
@@ -88,16 +88,8 @@ public void process() throws Exception
Component component = Component.forName(componentName);
if (component == null)
{
- try
- {
- Class c = Reflections.classForName(componentName);
- appendClassSource(response.getOutputStream(), c, types);
- }
- catch (ClassNotFoundException ex)
- {
- log.error(String.format("Component not found: [%s]", componentName));
- throw new ServletException("Invalid request - component not found.");
- }
+ log.error(String.format("Component not found: [%s]", componentName));
+ throw new ServletException("Invalid request - component not found.");
}
else
{
View
3  jboss-seam-remoting/src/main/java/org/jboss/seam/remoting/PollHandler.java
@@ -21,6 +21,7 @@
import org.jboss.seam.remoting.messaging.PollRequest;
import org.jboss.seam.remoting.wrapper.Wrapper;
import org.jboss.seam.servlet.ContextualHttpServletRequest;
+import org.jboss.seam.util.XML;
/**
* Handles JMS Message poll requests.
@@ -56,7 +57,7 @@ public void handle(HttpServletRequest request, final HttpServletResponse respons
response.setContentType("text/xml");
// Parse the incoming request as XML
- SAXReader xmlReader = new SAXReader();
+ SAXReader xmlReader = XML.getSafeSaxReader();
Document doc = xmlReader.read(request.getInputStream());
Element env = doc.getRootElement();
View
3  jboss-seam-remoting/src/main/java/org/jboss/seam/remoting/SubscriptionHandler.java
@@ -17,6 +17,7 @@
import org.jboss.seam.remoting.messaging.RemoteSubscriber;
import org.jboss.seam.remoting.messaging.SubscriptionRegistry;
import org.jboss.seam.remoting.messaging.SubscriptionRequest;
+import org.jboss.seam.util.XML;
import org.jboss.seam.web.ServletContexts;
/**
@@ -40,7 +41,7 @@ public void handle(HttpServletRequest request, HttpServletResponse response)
response.setContentType("text/xml");
// Parse the incoming request as XML
- SAXReader xmlReader = new SAXReader();
+ SAXReader xmlReader = XML.getSafeSaxReader();
Document doc = xmlReader.read(request.getInputStream());
Element env = doc.getRootElement();
View
13 jboss-seam/src/main/java/org/jboss/seam/util/XML.java
@@ -65,4 +65,17 @@ public InputSource resolveEntity(String systemId, String publicId)
}
}
+
+ /**
+ * Get safe SaxReader with doctype feature disabled
+ * @see http://xerces.apache.org/xerces2-j/features.html#disallow-doctype-decl
+ * @return
+ * @throws Exception
+ */
+ public static SAXReader getSafeSaxReader() throws Exception
+ {
+ SAXReader xmlReader = new SAXReader();
+ xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ return xmlReader;
+ }
}
Please sign in to comment.
Something went wrong with that request. Please try again.