Update Axis-Lib von 1.0 auf 1.1 aufgrund XXE (Xml eXternal Entity) Injection

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1214 d688527b-c9ab-4aba-bd8d-4036d912da1d

1 files changed, 11 insertions, 1 deletions

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 936423724..5fa31336b 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -200,6 +200,13 @@ public class DOMUtils {
 
     DOMParser parser;
 
+//    class MyEntityResolver implements EntityResolver {
+//
+//		public InputSource resolveEntity(String publicId, String systemId)
+//				throws SAXException, IOException {
+//		    return new InputSource(new ByteArrayInputStream(new byte[0]));
+//		}
+//    }
 
 
 		//if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException
@@ -218,7 +225,7 @@ public class DOMUtils {
     } else {
       parser = new DOMParser();
     }
-
+    
     // set parser features and properties
     try {
 	    parser.setFeature(NAMESPACES_FEATURE, true);
@@ -227,6 +234,8 @@ public class DOMUtils {
 	    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
 	    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
 	    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
+	    //parser.setFeature("http://xml.org/sax/features/external-general-entities", false);
+	    //parser.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 	
 	    if (validating) {
 	      if (externalSchemaLocations != null) {
@@ -495,6 +504,7 @@ public class DOMUtils {
     parser.setFeature(NAMESPACES_FEATURE, true);
     parser.setFeature(VALIDATION_FEATURE, true);
     parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+    
     if (externalSchemaLocations != null) {
       parser.setProperty(
         EXTERNAL_SCHEMA_LOCATION_PROPERTY,