Author: manaRH
Date: 2014-02-06 08:01:42 -0500 (Thu, 06 Feb 2014)
New Revision: 15659
Removed:
branches/enterprise/JBPAPP_5_0/ui/src/main/java/org/jboss/seam/ui/resource/
Modified:
branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/util/XML.java
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/ExecutionHandler.java
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/InterfaceGenerator.java
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/PollHandler.java
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/SubscriptionHandler.java
Log:
https://issues.jboss.org/browse/JBPAPP-10954 back ported the fix
Modified: branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/util/XML.java
===================================================================
--- branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/util/XML.java 2014-02-02
19:37:53 UTC (rev 15658)
+++ branches/enterprise/JBPAPP_5_0/src/main/org/jboss/seam/util/XML.java 2014-02-06
13:01:42 UTC (rev 15659)
@@ -65,4 +65,17 @@
}
}
+
+ /**
+ * Get safe SaxReader with doctype feature disabled
+ * @see
http://xerces.apache.org/xerces2-j/features.html#disallow-doctype-decl
+ * @return
+ * @throws Exception
+ */
+ public static SAXReader getSafeSaxReader() throws Exception
+ {
+ SAXReader xmlReader = new SAXReader();
+
xmlReader.setFeature("http://apache.org/xml/features/disallow-doctyp...;,
true);
+ return xmlReader;
+ }
}
Modified:
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/ExecutionHandler.java
===================================================================
---
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/ExecutionHandler.java 2014-02-02
19:37:53 UTC (rev 15658)
+++
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/ExecutionHandler.java 2014-02-06
13:01:42 UTC (rev 15659)
@@ -21,6 +21,7 @@
import org.jboss.seam.log.Logging;
import org.jboss.seam.remoting.wrapper.Wrapper;
import org.jboss.seam.servlet.ContextualHttpServletRequest;
+import org.jboss.seam.util.XML;
/**
* Unmarshals the calls from an HttpServletRequest, executes them in order and
@@ -67,7 +68,7 @@
log.debug("Processing remote request: " + requestData);
// Parse the incoming request as XML
- SAXReader xmlReader = new SAXReader();
+ SAXReader xmlReader = XML.getSafeSaxReader();
Document doc = xmlReader.read( new StringReader(requestData) );
final Element env = doc.getRootElement();
final RequestContext ctx = unmarshalContext(env);
Modified:
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/InterfaceGenerator.java
===================================================================
---
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/InterfaceGenerator.java 2014-02-02
19:37:53 UTC (rev 15658)
+++
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/InterfaceGenerator.java 2014-02-06
13:01:42 UTC (rev 15659)
@@ -88,16 +88,8 @@
Component component = Component.forName(componentName);
if (component == null)
{
- try
- {
- Class c = Reflections.classForName(componentName);
- appendClassSource(response.getOutputStream(), c, types);
- }
- catch (ClassNotFoundException ex)
- {
- log.error(String.format("Component not found: [%s]",
componentName));
- throw new ServletException("Invalid request - component not
found.");
- }
+ log.error(String.format("Component not found: [%s]",
componentName));
+ throw new ServletException("Invalid request - component not
found.");
}
else
{
Modified:
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/PollHandler.java
===================================================================
---
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/PollHandler.java 2014-02-02
19:37:53 UTC (rev 15658)
+++
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/PollHandler.java 2014-02-06
13:01:42 UTC (rev 15659)
@@ -21,6 +21,7 @@
import org.jboss.seam.remoting.messaging.PollRequest;
import org.jboss.seam.remoting.wrapper.Wrapper;
import org.jboss.seam.servlet.ContextualHttpServletRequest;
+import org.jboss.seam.util.XML;
/**
* Handles JMS Message poll requests.
@@ -56,7 +57,7 @@
response.setContentType("text/xml");
// Parse the incoming request as XML
- SAXReader xmlReader = new SAXReader();
+ SAXReader xmlReader = XML.getSafeSaxReader();
Document doc = xmlReader.read(request.getInputStream());
Element env = doc.getRootElement();
Modified:
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/SubscriptionHandler.java
===================================================================
---
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/SubscriptionHandler.java 2014-02-02
19:37:53 UTC (rev 15658)
+++
branches/enterprise/JBPAPP_5_0/src/remoting/org/jboss/seam/remoting/SubscriptionHandler.java 2014-02-06
13:01:42 UTC (rev 15659)
@@ -17,6 +17,7 @@
import org.jboss.seam.remoting.messaging.RemoteSubscriber;
import org.jboss.seam.remoting.messaging.SubscriptionRegistry;
import org.jboss.seam.remoting.messaging.SubscriptionRequest;
+import org.jboss.seam.util.XML;
import org.jboss.seam.web.ServletContexts;
/**
@@ -40,7 +41,7 @@
response.setContentType("text/xml");
// Parse the incoming request as XML
- SAXReader xmlReader = new SAXReader();
+ SAXReader xmlReader = XML.getSafeSaxReader();
Document doc = xmlReader.read(request.getInputStream());
Element env = doc.getRootElement();