Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
jgraphx.7853
jgraphx-CVE-2017-18197.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File jgraphx-CVE-2017-18197.patch of Package jgraphx.7853
diff --git a/java/src/com/mxgraph/reader/mxGraphViewImageReader.java b/java/src/com/mxgraph/reader/mxGraphViewImageReader.java index 6c49cdc..b5f2044 100644 --- a/java/src/com/mxgraph/reader/mxGraphViewImageReader.java +++ b/java/src/com/mxgraph/reader/mxGraphViewImageReader.java @@ -11,7 +11,6 @@ import java.io.IOException; import java.util.Map; import javax.xml.parsers.ParserConfigurationException; -import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; import org.xml.sax.InputSource; @@ -270,9 +269,13 @@ public class mxGraphViewImageReader extends mxGraphViewReader throws ParserConfigurationException, SAXException, IOException { BufferedImage result = null; - SAXParser parser = SAXParserFactory.newInstance().newSAXParser(); - XMLReader reader = parser.getXMLReader(); - + + XMLReader reader = SAXParserFactory.newInstance().newSAXParser().getXMLReader(); + reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + reader.setFeature("http://xml.org/sax/features/external-general-entities", false); + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + reader.setContentHandler(viewReader); reader.parse(inputSource);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor