commit | 16fb99560c65b66ae86a09b14d546d77e079344e | [log] [tgz] |
---|---|---|
author | Colm O hEigeartaigh <coheigea@users.noreply.github.com> | Fri Oct 11 11:45:15 2019 +0100 |
committer | GitHub <noreply@github.com> | Fri Oct 11 11:45:15 2019 +0100 |
tree | 6a050aa327b8e5d329ff7790f1099f691e4f4ba6 | |
parent | 22d7fc9ae944ced3b9711209992c1503547c93f5 [diff] | |
parent | a7a3009a5002f6e72fe5d19eb99382c28f374799 [diff] |
Merge pull request #129 from coheigea/doctypes Disallow Doctypes for SAXParserFactory
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index db95a6a..9c1b502 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
@@ -112,6 +112,7 @@
 SAXParserFactory factory = SAXParserFactory.newInstance();
 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 try (contentXML) {
 SAXParser parser = factory.newSAXParser();
 parser.parse(contentXML, new ContentLoaderHandler(dataSource, ROOT_ELEMENT, true, env));
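Review bot: The bare feature URI on the added `factory.setFeature(...)` line carries no explanation of why it is needed next to `FEATURE_SECURE_PROCESSING`, so a later cleanup could drop it as redundant. A comment such as `// Reject any DOCTYPE outright: secure processing limits entity expansion but does not forbid DTDs (XXE).` would record the intent. The URI is a Xerces-defined feature, so `setFeature` throws on a factory that does not recognise it; that fail-closed behaviour looks right and should not be caught and ignored. The new call passes `true` while the line above passes `Boolean.TRUE`; using one form for both would read more consistently. The enclosing method starts and ends outside the hunk, so its throws clause is not visible here.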