安全修复:防范XML外部实体注入漏洞(XXE)
DefineFC committed Jul 4, 2018
1 parent 2539f1a commit e54abad
Showing 2 changed files with 4 additions and 2 deletions.
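--- a/weixin/msg.py
+++ b/weixin/msg.py
@@ -64,7 +64,8 @@ def validate(self, signature, timestamp, nonce):
 
 def parse(self, content):
 raw = {}
-root = etree.fromstring(content)
+root = etree.fromstring(content,
+parser=etree.XMLParser(resolve_entities=False))
 for child in root:
 raw[child.tag] = child.text
 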
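Review bot: With `resolve_entities=False` the parser still accepts a document that declares a DOCTYPE and, as far as lxml's behaviour goes, keeps each entity reference in the tree as an unexpanded node, so `child.text` in the loop right after the new `fromstring` call can be silently cut off at the first reference instead of the message being rejected. If these payloads never legitimately carry a DTD (likely for this message format, but worth confirming), failing closed is safer: `if root.getroottree().docinfo.doctype: raise ValueError("DOCTYPE not allowed")` directly after parsing. The same applies to `to_dict` in weixin/pay.py. `parse` continues past the end of this hunk, so how callers would handle the exception could not be checked here.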
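--- a/weixin/pay.py
+++ b/weixin/pay.py
@@ -79,7 +79,8 @@ def to_xml(self, raw):
 
 def to_dict(self, content):
 raw = {}
-root = etree.fromstring(content.encode("utf-8"))
+root = etree.fromstring(content.encode("utf-8"),
+parser=etree.XMLParser(resolve_entities=False))
 for child in root:
 raw[child.tag] = child.text
 return raw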
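Review bot: The `parser=etree.XMLParser(resolve_entities=False)` argument is now written out separately here and in `parse` in weixin/msg.py, so the two call sites can drift apart when the parser options are tightened later. A single shared helper, for example `def safe_fromstring(data): return etree.fromstring(data, parser=etree.XMLParser(resolve_entities=False))`, would keep the hardening in one place. A short comment on it such as `# untrusted XML: never expand entities (XXE)` would also stop a later refactor from dropping the argument as apparently redundant.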
