authorNitin Dahyabhai2017-02-27 04:42:56 +0000
committerNitin Dahyabhai2017-02-27 04:42:56 +0000
commitc683da407b7dd4f5cb84908a7e951bf4ccdfdd4f (patch)
tree60ed4878bef71b76f3fb9aed8fffb3fd5cc18d87
parent722131dccdaecbcbc166a4973175653ea23af11b (diff)
[508083] XML External Entity vulnerability, increment org.eclipse.wst.xml.core for WTP 3.8.2R3_8_2R3_8_maintenance
-rw-r--r--bundles/org.eclipse.wst.xml.core/META-INF/MANIFEST.MF2
-rw-r--r--bundles/org.eclipse.wst.xml.core/pom.xml2
-rw-r--r--bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/ValidatorHelper.java9
-rw-r--r--bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/XMLValidator.java15
4 files changed, 22 insertions, 6 deletions
diff --git a/bundles/org.eclipse.wst.xml.core/META-INF/MANIFEST.MF b/bundles/org.eclipse.wst.xml.core/META-INF/MANIFEST.MF
index 4f6bbc2985..0ba0e1becb 100644
--- a/bundles/org.eclipse.wst.xml.core/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.wst.xml.core/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: %pluginName
Bundle-SymbolicName: org.eclipse.wst.xml.core; singleton:=true
-Bundle-Version: 1.1.1000.qualifier
+Bundle-Version: 1.1.1001.qualifier
Bundle-Activator: org.eclipse.wst.xml.core.internal.XMLCorePlugin
Bundle-Vendor: %providerName
Bundle-Localization: plugin
diff --git a/bundles/org.eclipse.wst.xml.core/pom.xml b/bundles/org.eclipse.wst.xml.core/pom.xml
index 972eb8f354..6c7c1d29cf 100644
--- a/bundles/org.eclipse.wst.xml.core/pom.xml
+++ b/bundles/org.eclipse.wst.xml.core/pom.xml
@@ -21,6 +21,6 @@
<groupId>org.eclipse.webtools.sourceediting</groupId>
<artifactId>org.eclipse.wst.xml.core</artifactId>
- <version>1.1.1000-SNAPSHOT</version>
+ <version>1.1.1001-SNAPSHOT</version>
<packaging>eclipse-plugin</packaging>
</project>
diff --git a/bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/ValidatorHelper.java b/bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/ValidatorHelper.java
index d030ecb0df..ff40831d67 100644
--- a/bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/ValidatorHelper.java
+++ b/bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/ValidatorHelper.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2001, 2012 IBM Corporation and others.
+ * Copyright (c) 2001, 2017 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -81,6 +81,13 @@ public class ValidatorHelper
reader.setFeature("http://xml.org/sax/features/namespace-prefixes", true); //$NON-NLS-1$
reader.setFeature("http://xml.org/sax/features/namespaces", false); //$NON-NLS-1$
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); //$NON-NLS-1$
+
+ // http://bugs.eclipse.org/508083
+ if (!Boolean.valueOf(System.getProperty("xmlvalidation.resolve-external-entities")).booleanValue()) {//$NON-NLS-1$
+ reader.setFeature("http://xml.org/sax/features/external-general-entities", false); //$NON-NLS-1$
+ reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); //$NON-NLS-1$
+ }
+
reader.setContentHandler(new MyContentHandler(uri));
reader.setErrorHandler(new InternalErrorHandler());
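Review bot: The opt-out that re-enables external entity resolution is read from a JVM-wide system property whose name is a bare string literal here and again in the MyStandardParserConfiguration constructor in XMLValidator.java, and the only explanation is a bug URL. One shared constant plus a comment stating the default would keep the two sites from drifting, e.g. `// External entities stay disabled unless -Dxmlvalidation.resolve-external-entities=true is set (JVM-wide)`, and the test reads more simply as `if (!Boolean.getBoolean("xmlvalidation.resolve-external-entities")) {`. The enclosing method starts and ends outside the hunk, so its exception handling is not visible; if a SAXNotRecognizedException or SAXNotSupportedException from these setFeature calls is caught and ignored there, parsing would continue with entities still resolvable, and that case should fail closed or at least be logged.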
diff --git a/bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/XMLValidator.java b/bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/XMLValidator.java
index 806f1797b3..d655e95815 100644
--- a/bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/XMLValidator.java
+++ b/bundles/org.eclipse.wst.xml.core/src-validation/org/eclipse/wst/xml/core/internal/validation/XMLValidator.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2001, 2014 IBM Corporation and others.
+ * Copyright (c) 2001, 2017 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -34,6 +34,7 @@ import java.util.TreeSet;
import org.apache.xerces.impl.XMLErrorReporter;
import org.apache.xerces.impl.msg.XMLMessageFormatter;
import org.apache.xerces.parsers.XIncludeAwareParserConfiguration;
+import org.apache.xerces.parsers.XML11Configuration;
import org.apache.xerces.xni.Augmentations;
import org.apache.xerces.xni.NamespaceContext;
import org.apache.xerces.xni.QName;
@@ -830,8 +831,16 @@ public class XMLValidator
*/
public MyStandardParserConfiguration(XMLValidationInfo valinfo)
{
- this.valinfo = valinfo;
-
+ this.valinfo = valinfo;
+
+ // http://bugs.eclipse.org/508083
+ if (!Boolean.valueOf(System.getProperty("xmlvalidation.resolve-external-entities")).booleanValue()) //$NON-NLS-1$
+ {
+ setFeature(XML11Configuration.EXTERNAL_GENERAL_ENTITIES, false);
+ setFeature(XML11Configuration.EXTERNAL_PARAMETER_ENTITIES, false);
+ resetCommon();
+ }
+
XMLErrorReporter errorReporter = createErrorReporter();
if (errorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
XMLMessageFormatter xmft = new XMLMessageFormatter();
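Review bot: The `resetCommon()` call after the two `setFeature` calls has no comment saying why it is needed, and it runs inside the constructor before `createErrorReporter()`, so a reader cannot tell whether it is required for the features to take effect or is a leftover. A line such as `// propagate the entity features to components already registered by the superclass constructor` would settle it, if that is the intent; the reason is not visible in this hunk. Separately, the file imports XIncludeAwareParserConfiguration; if this configuration extends it and XInclude processing is enabled elsewhere, `xi:include` references are a second path to external resources that these two features do not cover, which is worth confirming. The constructor continues past the end of the hunk.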
