diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-10 13:13:48 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-10 13:13:48 +0100 |
commit | 8b29eb9a19c4dcf6e30e34e41b8c6db61a21adb6 (patch) | |
tree | 782b07c818bffa60068a3409477f198d953aaf39 /common/src | |
parent | 3f752412b85561e4207cd6fd7c2872da68e5133f (diff) | |
parent | d1a26145ba00478249a8f006d74be49f857b1f34 (diff) | |
download | moa-id-spss-8b29eb9a19c4dcf6e30e34e41b8c6db61a21adb6.tar.gz moa-id-spss-8b29eb9a19c4dcf6e30e34e41b8c6db61a21adb6.tar.bz2 moa-id-spss-8b29eb9a19c4dcf6e30e34e41b8c6db61a21adb6.zip |
Merge branch 'moa-id-3.0.0-snapshot' into moa-id-3.2_(OPB)
Conflicts:
id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
Diffstat (limited to 'common/src')
-rw-r--r-- | common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java index 2b816ed4c..0a07fc4a7 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java @@ -246,6 +246,10 @@ public class DOMUtils { parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false); parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); + + //fix XXE problem + parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + if (validating) { if (externalSchemaLocations != null) { |