File xxe.patch of Package redstone-xmlrpc
Index: xmlrpc/source/redstone/xmlrpc/XmlRpcParser.java
===================================================================
--- xmlrpc.orig/source/redstone/xmlrpc/XmlRpcParser.java
+++ xmlrpc/source/redstone/xmlrpc/XmlRpcParser.java
@@ -17,8 +17,10 @@
package redstone.xmlrpc;
import java.io.InputStream;
+import java.io.StringReader;
import java.util.Stack;
import org.xml.sax.Attributes;
+import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
@@ -26,6 +28,16 @@ import org.xml.sax.helpers.DefaultHandle
import org.xml.sax.helpers.XMLReaderFactory;
/**
+ * DummyEntityResolver to stop downloading external DTDs.
+ */
+class DummyEntityResolver implements EntityResolver {
+ public InputSource resolveEntity(String publicID, String systemID)
+ throws SAXException {
+ return new InputSource(new StringReader(""));
+ }
+}
+
+/**
* An XmlRpcParser converts inbound XML-RPC messages to their Java counterparts through
* the use of a SAX compliant parser. This is an abstract class that is only concerned
* with the XML-RPC values contained in a message. Deriving classes supply a
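Review bot: DummyEntityResolver is introduced as a second package-private top-level class inside XmlRpcParser.java, which widens its visibility to the whole package and breaks the one-top-level-class-per-file convention the rest of the file follows; a `private static final class DummyEntityResolver implements EntityResolver` nested in XmlRpcParser would keep it an implementation detail of the only class that uses it. Its Javadoc should also state the contract rather than the motivation, e.g. `/** Resolves every external entity (DTD or otherwise) to an empty document, so the parser never reads local files or remote URLs for them; it does not limit expansion of entities declared inline. */`. The method carries no `@Override`; if the file's target level is Java 6 or later it should, but the raw `Stack` at the end of the file suggests an older level, so confirm before adding it.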
@@ -121,6 +133,7 @@ public abstract class XmlRpcParser exten
try
{
reader = XMLReaderFactory.createXMLReader();
+ reader.setEntityResolver(new DummyEntityResolver());
}
catch ( SAXException e )
{
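Review bot: Installing only an EntityResolver at `reader.setEntityResolver(new DummyEntityResolver());` leaves DOCTYPE processing enabled, so an inline internal subset (the entity-expansion amplification case) is still parsed in full, and the fix relies on the reader returned by XMLReaderFactory routing every external reference through the resolver. Refusing DOCTYPE declarations and switching off external entity loading on the reader closes both gaps; XML-RPC payloads never need a DTD, so the proposed feature settings below go in the same try block and keep the resolver as a second line of defence. The existing `catch ( SAXException e )` will also receive a SAXNotRecognizedException or SAXNotSupportedException from a reader that does not know these features; its body is outside the hunk, so confirm it fails the parse instead of continuing with a half-configured reader. The enclosing method starts before and ends after this hunk.
```java
reader = XMLReaderFactory.createXMLReader();
// XML-RPC messages never carry a DTD: refusing DOCTYPE outright also stops
// inline entity expansion, which an EntityResolver alone cannot prevent.
reader.setFeature( "http://apache.org/xml/features/disallow-doctype-decl", true );
reader.setFeature( "http://xml.org/sax/features/external-general-entities", false );
reader.setFeature( "http://xml.org/sax/features/external-parameter-entities", false );
reader.setEntityResolver( new DummyEntityResolver() );
// … unchanged: catch ( SAXException e ) …
```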
@@ -347,4 +360,4 @@ public abstract class XmlRpcParser exten
/** A cache of parsers so that we don't have to recreate them at every call. TODO Determine if necessary. */
private static Stack/*<XMLReader>*/ readers = new Stack();
-}
\ No newline at end of file
+}