src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java
*** 75,84 ****
--- 75,85 ----
import com.sun.org.apache.xerces.internal.util.StAXLocationWrapper;
import com.sun.org.apache.xerces.internal.util.SymbolHash;
import com.sun.org.apache.xerces.internal.util.SymbolTable;
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
+ import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.QName;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
*** 103,112 ****
--- 104,114 ----
import com.sun.org.apache.xerces.internal.xs.XSParticle;
import com.sun.org.apache.xerces.internal.xs.XSSimpleTypeDefinition;
import com.sun.org.apache.xerces.internal.xs.XSTerm;
import com.sun.org.apache.xerces.internal.xs.XSTypeDefinition;
import com.sun.org.apache.xerces.internal.xs.datatypes.ObjectList;
+ import javax.xml.XMLConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
*** 219,228 ****
--- 221,236 ----
/** Property identifier: locale. */
protected static final String LOCALE =
Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
+ /** property identifier: access external dtd. */
+ public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+ /** Property identifier: access to external schema */
+ public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
protected static final boolean DEBUG_NODE_POOL = false;
// Data
// different sorts of declarations; should make lookup and
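Review bot: Both new constants are declared `public` while the adjacent `LOCALE` identifier is `protected`. Since they only alias `XMLConstants.ACCESS_EXTERNAL_DTD` and `XMLConstants.ACCESS_EXTERNAL_SCHEMA`, `protected` would match the surrounding declarations without widening this internal class's surface. The two Javadoc lines also drift from the file's pattern; `/** Property identifier: access to external DTDs. */` and `/** Property identifier: access to external schemas. */` would match `/** Property identifier: locale. */`.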
*** 249,258 ****
--- 257,268 ----
*
* <p>Protected to allow access by any traverser.</p>
*/
protected SecurityManager fSecureProcessing = null;
+ private String fAccessExternalSchema;
+
// These tables correspond to the symbol spaces defined in the
// spec.
// They are keyed with a QName (that is, String("URI,localpart) and
// their values are nodes corresponding to the given name's decl.
// By asking the node for its ownerDocument and looking in
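Review bot: `fAccessExternalSchema` is added with no comment and no initial value, while the neighbouring `fSecureProcessing` field carries Javadoc. It stays null until `reset(XMLComponentManager)` assigns it. How `SecuritySupport.checkAccess` treats a null allow-list is not visible on this page, so either confirm that null means "deny" or initialise the field to the default. Suggested comment: `/** Protocols allowed for external schema references (ACCESS_EXTERNAL_SCHEMA property); set in reset(XMLComponentManager). */`.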
*** 2148,2158 ****
--- 2158,2177 ----
key = new XSDKey(schemaId, referType, schemaNamespace);
if((schemaElement = (Element)fTraversed.get(key)) != null) {
fLastSchemaWasDuplicate = true;
return schemaElement;
}
+ if (referType == XSDDescription.CONTEXT_IMPORT || referType == XSDDescription.CONTEXT_INCLUDE
+ || referType == XSDDescription.CONTEXT_REDEFINE) {
+ String accessError = SecuritySupport.checkAccess(schemaId, fAccessExternalSchema, Constants.ACCESS_EXTERNAL_ALL);
+ if (accessError != null) {
+ reportSchemaFatalError("schema_reference.access",
+ new Object[] { SecuritySupport.sanitizePath(schemaId), accessError },
+ referElement);
}
+ }
+ }
fSchemaParser.parse(schemaSource);
Document schemaDocument = fSchemaParser.getDocument();
schemaElement = schemaDocument != null ? DOMUtil.getRoot(schemaDocument) : null;
return getSchemaDocument0(key, schemaId, schemaElement);
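Review bot: The new access check fails closed only if `reportSchemaFatalError` throws, because nothing after the report stops control from reaching `fSchemaParser.parse(schemaSource)` a few lines below. If the error reporter can be configured to continue after a fatal error (not visible here, so worth confirming), the denied schema would still be fetched and parsed. Adding `return null;` directly after the `reportSchemaFatalError(...)` call would make the denial independent of the reporter, assuming callers already treat a null element as "schema not loaded". The check also covers only `CONTEXT_IMPORT`, `CONTEXT_INCLUDE` and `CONTEXT_REDEFINE`, so a one-line comment naming where other refer types are checked would help the next reader. The enclosing method starts and ends outside the hunk.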
*** 3559,3568 ****
--- 3578,3592 ----
fSchemaParser.setProperty(SECURITY_MANAGER, security);
}
} catch (XMLConfigurationException e) {
}
+ //For Schema validation, the secure feature is set to true by default
+ fSchemaParser.setProperty(ACCESS_EXTERNAL_DTD,
+ componentManager.getProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT));
+ fAccessExternalSchema = (String) componentManager.getProperty(
+ ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
} // reset(XMLComponentManager)
/**
* Traverse all the deferred local elements. This method should be called
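Review bot: The comment `//For Schema validation, the secure feature is set to true by default` does not describe the lines under it, which copy the ACCESS_EXTERNAL_DTD setting to `fSchemaParser` and cache ACCESS_EXTERNAL_SCHEMA in `fAccessExternalSchema`. Something like `// Propagate external-access restrictions: DTD access to the schema parser, schema access cached for the checkAccess call` would be accurate. These calls also sit after the `catch (XMLConfigurationException e)` block rather than inside a try, unlike the `SECURITY_MANAGER` call above. An exception from `setProperty`, or a non-String property value hitting the `(String)` cast, would therefore propagate out of `reset`; if that is intended, the comment should say so. reset's body begins outside the hunk.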