More doc fixes, modify testing resources to make it easy to check ent…

…ity expansion behavior.
swaldman · Jan 27, 2019 · 91430cf · 91430cf
1 parent 5caea41
commit 91430cf
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 2 deletions.
diff --git a/src/doc/extra.xml b/src/doc/extra.xml
@@ -0,0 +1,5 @@
+<user-overrides user="nobody">
+  <property name="unreturnedConnectionTimeout">25</property>
+  <property name="debugUnreturnedConnectionStackTraces">true</property>
+</user-overrides>
+
diff --git a/src/doc/index.html b/src/doc/index.html
@@ -2756,8 +2756,11 @@ <h4><a name="locating_configuration_information">Locating and Resolving Configur
       that is, in any location you specify under your classpath, including jar-file <tt>META-INF</tt> directories.
     </p>
     <p>
-      Due to <a href="">security concerns surrounding liberal parsing of XML references</a>, as of c3p0-0.9.5.3, c3p0 by default <i>no longer expands entity references in XML config files</i>.
-      However, installations that understand the full transitive closure of all entity references in their XML config may override this conservative behavior by setting the following property
+      Due to <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-20433">security concerns surrounding liberal parsing of XML references</a>,
+      as of c3p0-0.9.5.3, c3p0 by default <i>no longer expands entity references in XML config files.
+      Entity references may be silently ignored!</i>
+      However, in the <i>very rare cases</i> where configurations intentionally rely upon entity reference expansion, you can turn it back on.
+      Installations that understand the full transitive closure of all entity references in their XML config may enable entity reference expansion by setting the following property
       to <tt>true</tt>:
     </p>
     <ul class="other_props_list">

diff --git a/src/test-properties/c3p0-config.xml b/src/test-properties/c3p0-config.xml
@@ -1,3 +1,9 @@
+<?xml version="1.0" standalone="no" ?>
+
+<!DOCTYPE c3p0-config [
+   <!ENTITY extra SYSTEM "https://www.mchange.com/projects/c3p0/extra.xml">
+]>
+
 <c3p0-config>
   <default-config>
     <!-- <property name="automaticTestTable">con_test</property> -->
@@ -36,6 +42,8 @@
       <!-- <property name="preferredTestQuery">select poop from doop</property> --><!-- intentionally broken -->
     </user-overrides>
 
+    &extra;
+
   </default-config>