src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java

Print this page

        

@@ -24,10 +24,11 @@
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Stack;
 import java.util.StringTokenizer;
+import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
 import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
 import com.sun.org.apache.xerces.internal.impl.io.MalformedByteSequenceException;

@@ -227,10 +228,18 @@
         Constants.XERCES_PROPERTY_PREFIX + Constants.BUFFER_SIZE_PROPERTY;
 
     protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
 
+    /** property identifier: access external dtd. */
+    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** access external dtd: file protocol 
+     *  For DOM/SAX, the secure feature is set to true by default
+     */
+    final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
+
     /** Recognized features. */
     private static final String[] RECOGNIZED_FEATURES =
         { ALLOW_UE_AND_NOTATION_EVENTS, XINCLUDE_FIXUP_BASE_URIS, XINCLUDE_FIXUP_LANGUAGE };
 
     /** Feature defaults. */

@@ -281,11 +290,17 @@
     protected XIncludeNamespaceSupport fNamespaceContext;
     protected SymbolTable fSymbolTable;
     protected XMLErrorReporter fErrorReporter;
     protected XMLEntityResolver fEntityResolver;
     protected SecurityManager fSecurityManager;
+    /**
+     * comma-delimited list of protocols that are allowed for the purpose
+     * of accessing external dtd or entity references
+     */
+    protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
 
+
     // these are needed for text include processing
     protected XIncludeTextReader fXInclude10TextReader;
     protected XIncludeTextReader fXInclude11TextReader;
 
     // these are needed for XML Base processing

@@ -521,10 +536,12 @@
         }
         catch (XMLConfigurationException e) {
             fSecurityManager = null;
         }
 
+        fAccessExternalDTD = (String)componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+
         // Get buffer size.
         try {
             Integer value =
                 (Integer)componentManager.getProperty(
                     BUFFER_SIZE);

@@ -662,10 +679,18 @@
             if (fChildConfig != null) {
                 fChildConfig.setProperty(propertyId, value);
             }
             return;
         }
+        if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
+            fAccessExternalDTD = (String)value;
+            if (fChildConfig != null) {
+                fChildConfig.setProperty(propertyId, value);
+            }
+            return;
+        }
+
         if (propertyId.equals(BUFFER_SIZE)) {
             Integer bufferSize = (Integer) value;
             if (fChildConfig != null) {
                 fChildConfig.setProperty(propertyId, value);
             }

@@ -1576,10 +1601,11 @@
                 // use the same symbol table, error reporter, entity resolver, security manager and buffer size.
                 if (fSymbolTable != null) fChildConfig.setProperty(SYMBOL_TABLE, fSymbolTable);
                 if (fErrorReporter != null) fChildConfig.setProperty(ERROR_REPORTER, fErrorReporter);
                 if (fEntityResolver != null) fChildConfig.setProperty(ENTITY_RESOLVER, fEntityResolver);
                 fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
+                fChildConfig.setProperty(ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
                 fChildConfig.setProperty(BUFFER_SIZE, new Integer(fBufferSize));
 
                 // features must be copied to child configuration
                 fNeedCopyFeatures = true;
 

@@ -1689,11 +1715,11 @@
             catch (XNIException e) {
                 // necessary to make sure proper location is reported in errors
                 if (fErrorReporter != null) {
                     fErrorReporter.setDocumentLocator(fDocLocation);
                 }
-                reportFatalError("XMLParseError", new Object[] { href });
+                reportFatalError("XMLParseError", new Object[] { href, e.getMessage() });
             }
             catch (IOException e) {
                 // necessary to make sure proper location is reported in errors
                 if (fErrorReporter != null) {
                     fErrorReporter.setDocumentLocator(fDocLocation);