src/com/sun/org/apache/xalan/internal/xsltc/compiler/Include.java

Print this page 

        
*** 21,43 ****
   * $Id: Include.java,v 1.8 2007/04/09 21:30:41 joehw Exp $
   */
  
  package com.sun.org.apache.xalan.internal.xsltc.compiler;
  
! import java.io.File;
! import java.io.FileNotFoundException;
! import java.net.MalformedURLException;
! import java.net.URL;
! import java.util.Enumeration;
! 
! import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodGenerator;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
! 
  import org.xml.sax.InputSource;
  import org.xml.sax.XMLReader;
  
  /**
   * @author Jacek Ambroziak
--- 21,44 ----
   * $Id: Include.java,v 1.8 2007/04/09 21:30:41 joehw Exp $
   */
  
  package com.sun.org.apache.xalan.internal.xsltc.compiler;
  
! import com.sun.org.apache.xalan.internal.XalanConstants;
! import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodGenerator;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
  import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
! import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
! import java.io.File;
! import java.io.FileNotFoundException;
! import java.net.MalformedURLException;
! import java.net.URL;
! import java.util.Enumeration;
! import javax.xml.XMLConstants;
  import org.xml.sax.InputSource;
  import org.xml.sax.XMLReader;
  
  /**
   * @author Jacek Ambroziak

*** 83,92 ****
--- 84,104 ----
              }
  
              // No SourceLoader or not resolved by SourceLoader
              if (input == null) {
                  docToLoad = SystemIDResolver.getAbsoluteURI(docToLoad, currLoadedDoc);
+                 String accessError = SecuritySupport.checkAccess(docToLoad, 
+                         xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET), 
+                         XalanConstants.ACCESS_EXTERNAL_ALL);
+ 
+                 if (accessError != null) {
+                     final ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+                                         SecuritySupport.sanitizePath(docToLoad), accessError,
+                                         this);
+                     parser.reportError(Constants.FATAL, msg);
+                     return;
+                 }
                  input = new InputSource(docToLoad);
              }
  
              // Return if we could not resolve the URL
              if (input == null) {