archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-17 17:43:59 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

* lib/rexml/document.rb: limit entity expansion. Thanks, Luka

Browse source 
Treiber, Mitja Kolsek, and Michael Koziarski.  backported from
  trunk r19033, r19317, r19318.
* lib/rexml/entity.rb: ditto.
* test/rexml/test_document.rb: ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@19320 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
shugo 2008-09-13 02:07:42 +00:00
parent 4c1486d349
commit 66cecf9d03
4 changed files with 98 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

22
lib/rexml/document.rb
View file

@ -32,6 +32,7 @@ module REXML
# @param context if supplied, contains the context of the document;
# this should be a Hash.
def initialize( source = nil, context = {} )
@entity_expansion_count = 0
super()
@context = context
return if source.nil?
@ -200,6 +201,27 @@ module REXML
Parsers::StreamParser.new( source, listener ).parse
end
@@entity_expansion_limit = 10_000
# Set the entity expansion limit. By defualt the limit is set to 10000.
def Document::entity_expansion_limit=( val )
@@entity_expansion_limit = val
end
# Get the entity expansion limit. By defualt the limit is set to 10000.
def Document::entity_expansion_limit
return @@entity_expansion_limit
end
attr_reader :entity_expansion_count
def record_entity_expansion
@entity_expansion_count += 1
if @entity_expansion_count > @@entity_expansion_limit
raise "number of entity expansions exceeded, processing aborted."
end
end
private
def build( source )
Parsers::TreeParser.new( source, self ).parse

1
lib/rexml/entity.rb
View file

@ -73,6 +73,7 @@ module REXML
# all entities -- both %ent; and &ent; entities. This differs from
# +value()+ in that +value+ only replaces %ent; entities.
def unnormalized
document.record_entity_expansion
v = value()
return nil if v.nil?
@unnormalized = Text::unnormalize(v, parent)