Merge pull request #129 from coheigea/doctypes Disallow Doctypes for SAXParserFactory

commit: 16fb99560c65b66ae86a09b14d546d77e079344e [log] [tgz]
author: Colm O hEigeartaigh <coheigea@users.noreply.github.com> Fri Oct 11 11:45:15 2019 +0100
committer: GitHub <noreply@github.com> Fri Oct 11 11:45:15 2019 +0100
tree: 6a050aa327b8e5d329ff7790f1099f691e4f4ba6
parent: 22d7fc9ae944ced3b9711209992c1503547c93f5 [diff]
parent: a7a3009a5002f6e72fe5d19eb99382c28f374799 [diff]
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index db95a6a..9c1b502 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java

@@ -112,6 +112,7 @@
 
         SAXParserFactory factory = SAXParserFactory.newInstance();
         factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
         try (contentXML) {
             SAXParser parser = factory.newSAXParser();
             parser.parse(contentXML, new ContentLoaderHandler(dataSource, ROOT_ELEMENT, true, env));
commit	16fb99560c65b66ae86a09b14d546d77e079344e	[log] [tgz]
author	Colm O hEigeartaigh <coheigea@users.noreply.github.com>	Fri Oct 11 11:45:15 2019 +0100
committer	GitHub <noreply@github.com>	Fri Oct 11 11:45:15 2019 +0100
tree	6a050aa327b8e5d329ff7790f1099f691e4f4ba6
parent	22d7fc9ae944ced3b9711209992c1503547c93f5 [diff]
parent	a7a3009a5002f6e72fe5d19eb99382c28f374799 [diff]