From cf19d66e815bddcde47a97fc48be23eacfa221a0 Mon Sep 17 00:00:00 2001
From: "Hugh.C"
Date: Mon, 26 Apr 2021 15:41:38 +0800
Subject: [PATCH] =?UTF-8?q?DEC-17989=20itext=20XXE=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E4=BF=AE=E5=A4=8D=EF=BC=8C=E5=8F=82=E8=80=83?= =?UTF-8?q?=20https://github.com/itext/itext7/commit/930a1c81f8ea4952df540?= =?UTF-8?q?f041befbfa2d6757838?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../lowagie/text/SafeEmptyEntityResolver.java | 18 ++++++++++++++++++
 .../fr/third/com/lowagie/text/pdf/XfaForm.java | 2 ++
 .../com/lowagie/text/xml/xmp/XmpReader.java | 2 ++
 .../lowagie/text/SafeEmptyEntityResolver.java | 18 ++++++++++++++++++
 .../fr/third/v2/lowagie/text/pdf/XfaForm.java | 2 ++
 .../v2/lowagie/text/xml/xmp/XmpReader.java | 2 ++
 6 files changed, 44 insertions(+)
 create mode 100644 fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/SafeEmptyEntityResolver.java
 create mode 100644 fine-itext/src/main/java/com/fr/third/v2/lowagie/text/SafeEmptyEntityResolver.java
diff --git a/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/SafeEmptyEntityResolver.java b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/SafeEmptyEntityResolver.java
new file mode 100644
index 000000000..dd4c359ce
--- /dev/null
+++ b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/SafeEmptyEntityResolver.java
@@ -0,0 +1,18 @@
+package com.fr.third.com.lowagie.text;
+
+import java.io.IOException;
+import java.io.StringReader;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * @author Hugh.C
+ * @version 1.0
+ * Created by Hugh.C on 2021/4/26
+ */
+public class SafeEmptyEntityResolver implements EntityResolver {
+ public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
+ return new InputSource(new StringReader(""));
+ }
+}
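Review bot: The Javadoc on the new SafeEmptyEntityResolver holds only author and version tags, so the class never says that it is an XXE control or what `resolveEntity` guarantees. I would replace the header with a sentence such as `Resolves every external entity and external DTD subset to empty content, so XML taken from PDF data cannot make the parser read files or open network connections.` and add `@Override` on `resolveEntity` so a signature drift against `EntityResolver` fails at compile time. Since the class is not meant for extension, declaring it `public final class SafeEmptyEntityResolver` would keep a subclass from re-enabling resolution. The identical copy added under `com.fr.third.v2.lowagie.text` needs the same changes.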
diff --git a/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/XfaForm.java b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/XfaForm.java
index 20cdde052..5677fbc38 100644
--- a/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/XfaForm.java
+++ b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/XfaForm.java
@@ -49,6 +49,7 @@
 package com.fr.third.com.lowagie.text.pdf;
+import com.fr.third.com.lowagie.text.SafeEmptyEntityResolver;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -140,6 +141,7 @@ public class XfaForm {
 DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
 fact.setNamespaceAware(true);
 DocumentBuilder db = fact.newDocumentBuilder();
+ db.setEntityResolver(new SafeEmptyEntityResolver());
 domDocument = db.parse(new ByteArrayInputStream(bout.toByteArray()));
 extractNodes();
 }
diff --git a/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/xml/xmp/XmpReader.java b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/xml/xmp/XmpReader.java
index 37eaee16d..c3bae5426 100644
--- a/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/xml/xmp/XmpReader.java
+++ b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/xml/xmp/XmpReader.java
@@ -46,6 +46,7 @@
 */
 package com.fr.third.com.lowagie.text.xml.xmp;
+import com.fr.third.com.lowagie.text.SafeEmptyEntityResolver;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -85,6 +86,7 @@ public class XmpReader {
 DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
 fact.setNamespaceAware(true);
 DocumentBuilder db = fact.newDocumentBuilder();
+ db.setEntityResolver(new SafeEmptyEntityResolver());
 ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
 domDocument = db.parse(bais);
 } catch (ParserConfigurationException e) {
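Review bot: In the second XfaForm hunk the added `db.setEntityResolver(new SafeEmptyEntityResolver())` is the only hardening applied to the parser. The `DocumentBuilderFactory` keeps its default features, so a DOCTYPE in the XFA stream is still accepted and internal entity declarations are still expanded, bounded only by whatever limits the JAXP implementation on the classpath enforces. If XFA and XMP packets never legitimately carry a DTD (worth confirming against real documents), rejecting it at the factory is the stronger guard, with the resolver kept as a second layer: `fact.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` placed before `fact.newDocumentBuilder()`. `setFeature` throws `ParserConfigurationException`, which the XmpReader hunk visibly catches; the XfaForm method's signature is outside the hunk and needs checking. The same point applies to the XmpReader hunk in this module and to the XfaForm and XmpReader hunks under fine-itext (v2).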
diff --git a/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/SafeEmptyEntityResolver.java b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/SafeEmptyEntityResolver.java
new file mode 100644
index 000000000..c23d71ef2
--- /dev/null
+++ b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/SafeEmptyEntityResolver.java
@@ -0,0 +1,18 @@
+package com.fr.third.v2.lowagie.text;
+
+import java.io.IOException;
+import java.io.StringReader;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * @author Hugh.C
+ * @version 1.0
+ * Created by Hugh.C on 2021/4/26
+ */
+public class SafeEmptyEntityResolver implements EntityResolver {
+ public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
+ return new InputSource(new StringReader(""));
+ }
+}
diff --git a/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/XfaForm.java b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/XfaForm.java
index 6ffbed536..71b701bf5 100644
--- a/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/XfaForm.java
+++ b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/XfaForm.java
@@ -49,6 +49,7 @@
 package com.fr.third.v2.lowagie.text.pdf;
+import com.fr.third.v2.lowagie.text.SafeEmptyEntityResolver;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -140,6 +141,7 @@ public class XfaForm {
 DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
 fact.setNamespaceAware(true);
 DocumentBuilder db = fact.newDocumentBuilder();
+ db.setEntityResolver(new SafeEmptyEntityResolver());
 domDocument = db.parse(new ByteArrayInputStream(bout.toByteArray()));
 extractNodes();
 }
diff --git a/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/xml/xmp/XmpReader.java b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/xml/xmp/XmpReader.java
index cf0cf770a..ab3550c0c 100644
--- a/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/xml/xmp/XmpReader.java
+++ b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/xml/xmp/XmpReader.java
@@ -46,6 +46,7 @@
 */
 package com.fr.third.v2.lowagie.text.xml.xmp;
+import com.fr.third.v2.lowagie.text.SafeEmptyEntityResolver;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -85,6 +86,7 @@ public class XmpReader {
 DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
 fact.setNamespaceAware(true);
 DocumentBuilder db = fact.newDocumentBuilder();
+ db.setEntityResolver(new SafeEmptyEntityResolver());
 ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
 domDocument = db.parse(bais);
 } catch (ParserConfigurationException e) {