src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java
Print this page
*** 21,30 ****
--- 21,40 ----
* $Id: Parser.java,v 1.2.4.1 2005/09/13 12:14:32 pvedula Exp $
*/
package com.sun.org.apache.xalan.internal.xsltc.compiler;
+ import com.sun.java_cup.internal.runtime.Symbol;
+ import com.sun.org.apache.xalan.internal.XalanConstants;
+ import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
+ import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
+ import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
+ import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
+ import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodType;
+ import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
+ import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
+ import com.sun.org.apache.xml.internal.serializer.utils.SystemIDResolver;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.util.Dictionary;
import java.util.Enumeration;
*** 31,61 ****
import java.util.Hashtable;
import java.util.Properties;
import java.util.Stack;
import java.util.StringTokenizer;
import java.util.Vector;
-
- import com.sun.java_cup.internal.runtime.Symbol;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
-
- import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
- import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodType;
- import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
- import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
- import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
- import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
import org.xml.sax.Attributes;
- import org.xml.sax.helpers.AttributesImpl;
import org.xml.sax.ContentHandler;
import org.xml.sax.InputSource;
import org.xml.sax.Locator;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
/**
* @author Jacek Ambroziak
* @author Santiago Pericas-Geertsen
* @author G. Todd Miller
--- 41,62 ----
import java.util.Hashtable;
import java.util.Properties;
import java.util.Stack;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.ContentHandler;
import org.xml.sax.InputSource;
import org.xml.sax.Locator;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
+ import org.xml.sax.helpers.AttributesImpl;
/**
* @author Jacek Ambroziak
* @author Santiago Pericas-Geertsen
* @author G. Todd Miller
*** 473,482 ****
--- 474,485 ----
}
catch (Exception e) {
factory.setNamespaceAware(true);
}
final SAXParser parser = factory.newSAXParser();
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
+ _xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
final XMLReader reader = parser.getXMLReader();
return(parse(reader, input));
}
catch (ParserConfigurationException e) {
ErrorMsg err = new ErrorMsg(ErrorMsg.SAX_PARSER_CONFIG_ERR);
*** 545,554 ****
--- 548,576 ----
throw new CompilerException(msg.toString());
}
return(element);
}
else {
+ try {
+ String path = _target;
+ if (path.indexOf(":")==-1) {
+ path = "file:" + path;
+ }
+ path = SystemIDResolver.getAbsoluteURI(path);
+ String accessError = SecuritySupport.checkAccess(path,
+ _xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET),
+ XalanConstants.ACCESS_EXTERNAL_ALL);
+ if (accessError != null) {
+ ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
+ SecuritySupport.sanitizePath(_target), accessError,
+ root);
+ throw new CompilerException(msg.toString());
+ }
+ } catch (IOException ex) {
+ throw new CompilerException(ex);
+ }
+
return(loadExternalStylesheet(_target));
}
}
/**