Index: ChangeLog
|
|
|
b6bbea |
===================================================================
|
|
|
b6bbea |
--- ChangeLog (revision 48161)
|
|
|
b6bbea |
+++ ChangeLog (revision 48162)
|
|
|
b6bbea |
@@ -1,3 +1,9 @@
|
|
|
b6bbea |
+Mon Oct 27 20:21:05 2014 NAKAMURA Usaku <usa@ruby-lang.org>
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+ * lib/rexml/entity.rb: keep the entity size within the limitation.
|
|
|
b6bbea |
+ reported by Willis Vandevanter <will@silentrobots.com> and
|
|
|
b6bbea |
+ patched by nahi.
|
|
|
b6bbea |
+
|
|
|
b6bbea |
Mon Sep 22 12:10:29 2014 Tanaka Akira <akr@fsij.org>
|
|
|
b6bbea |
|
|
|
b6bbea |
* test/ruby/test_time_tz.rb: Fix test error with tzdata-2014g.
|
|
|
b6bbea |
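--- a/lib/rexml/entity.rb
+++ b/lib/rexml/entity.rb
@@ -138,8 +138,14 @@
 matches = @value.scan(PEREFERENCE_RE)
 rv = @value.clone
 if @parent
+ sum = 0
 matches.each do |entity_reference|
 entity_value = @parent.entity( entity_reference[0] )
+ if sum + entity_value.bytesize > Document.entity_expansion_text_limit
+ raise "entity expansion has grown too large"
+ else
+ sum += entity_value.bytesize
+ end
 rv.gsub!( /%#{entity_reference.join};/um, entity_value )
 end
 end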
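Review bot: The `sum` counter added before `matches.each` is a local that starts at 0 on every call, so the check caps the bytes substituted into one entity value, not the total expanded across the document. Whether that bounds overall memory depends on how the value returned by `@parent.entity(...)` was itself produced and on the separate expansion-count limit, neither of which is visible here; a comment on the check such as `# caps a single value's expansion; the document total relies on entity_expansion_limit` would record the intent, if that is the design. Also, `entity_value.bytesize` now runs before `gsub!`, so if the lookup can return nil for an undeclared reference, the failure surfaces as a NoMethodError at the size check. The enclosing method starts and ends outside the hunk.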
Index: test/rexml/test_document.rb
|
|
|
b6bbea |
===================================================================
|
|
|
b6bbea |
--- test/rexml/test_document.rb (revision 48161)
|
|
|
b6bbea |
+++ test/rexml/test_document.rb (revision 48162)
|
|
|
b6bbea |
@@ -47,6 +47,20 @@
|
|
|
b6bbea |
</member>
|
|
|
b6bbea |
EOF
|
|
|
b6bbea |
|
|
|
b6bbea |
+ XML_WITH_NESTED_PARAMETER_ENTITY = <
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+]>
|
|
|
b6bbea |
+<cd></cd>
|
|
|
b6bbea |
+EOF
|
|
|
b6bbea |
+
|
|
|
b6bbea |
XML_WITH_4_ENTITY_EXPANSION = <
|
|
|
b6bbea |
|
|
|
b6bbea |
|
|
|
b6bbea |
@@ -85,6 +99,19 @@
|
|
|
b6bbea |
REXML::Document.entity_expansion_limit = 10000
|
|
|
b6bbea |
end
|
|
|
b6bbea |
|
|
|
b6bbea |
+ def test_entity_expansion_limit_for_parameter_entity
|
|
|
b6bbea |
+ assert_raise(REXML::ParseException) do
|
|
|
b6bbea |
+ REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY)
|
|
|
b6bbea |
+ end
|
|
|
b6bbea |
+ REXML::Document.entity_expansion_limit = 100
|
|
|
b6bbea |
+ assert_equal(100, REXML::Document.entity_expansion_limit)
|
|
|
b6bbea |
+ assert_raise(REXML::ParseException) do
|
|
|
b6bbea |
+ REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY)
|
|
|
b6bbea |
+ end
|
|
|
b6bbea |
+ ensure
|
|
|
b6bbea |
+ REXML::Document.entity_expansion_limit = 10000
|
|
|
b6bbea |
+ end
|
|
|
b6bbea |
+
|
|
|
b6bbea |
def test_tag_in_cdata_with_not_ascii_only_but_ascii8bit_encoding_source
|
|
|
b6bbea |
tag = "..."
|
|
|
b6bbea |
message = "こんにちは、世界!" # Hello world! in Japanese
|
|
|
b6bbea |
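Review bot: Both `assert_raise(REXML::ParseException)` blocks in `test_entity_expansion_limit_for_parameter_entity` pass on any parse failure, so the test does not show that the new size check is what rejected the document. The first block already raises at the default limits, so lowering `entity_expansion_limit` to 100 for the second block adds no further evidence. Capturing the exception and checking its text would pin this down, e.g. `e = assert_raise(REXML::ParseException) { REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) }` followed by `assert_match(/entity expansion has grown too large/, e.message)`, assuming the wrapped exception keeps the original message. The heredoc body of the fixture is not legible on this page, so its nesting could not be checked.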
Index: test/rexml/test_entity.rb
|
|
|
b6bbea |
===================================================================
|
|
|
b6bbea |
--- test/rexml/test_entity.rb (revision 48161)
|
|
|
b6bbea |
+++ test/rexml/test_entity.rb (revision 48162)
|
|
|
b6bbea |
@@ -122,6 +122,22 @@
|
|
|
b6bbea |
end
|
|
|
b6bbea |
end
|
|
|
b6bbea |
|
|
|
b6bbea |
+ def test_entity_string_limit_for_parameter_entity
|
|
|
b6bbea |
+ template = ' ]><root/>'
|
|
|
b6bbea |
+ len = 5120 # 5k per entity
|
|
|
b6bbea |
+ template.sub!(/\^/, "B" * len)
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+ # 10k is OK
|
|
|
b6bbea |
+ entities = '%a;' * 2 # 5k entity * 2 = 10k
|
|
|
b6bbea |
+ REXML::Document.new(template.sub(/\$/, entities))
|
|
|
b6bbea |
+
|
|
|
b6bbea |
+ # above 10k explodes
|
|
|
b6bbea |
+ entities = '%a;' * 3 # 5k entity * 2 = 15k
|
|
|
b6bbea |
+ assert_raises(REXML::ParseException) do
|
|
|
b6bbea |
+ REXML::Document.new(template.sub(/\$/, entities))
|
|
|
b6bbea |
+ end
|
|
|
b6bbea |
+ end
|
|
|
b6bbea |
+
|
|
|
b6bbea |
def test_raw
|
|
|
b6bbea |
source = '
|
|
|
b6bbea |
|
|
|
b6bbea |
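Review bot: The comment on `entities = '%a;' * 3` reads `5k entity * 2 = 15k`; it should be `# 5k entity * 3 = 15k`. The test also relies on the default text limit being 10k without setting it, so a changed default would break one half of the test for a reason unrelated to the code under test. Setting `REXML::Document.entity_expansion_text_limit` explicitly at the top of the test and restoring the previous value in an `ensure` would make the boundary self-contained. `assert_raises` here and `assert_raise` in test_document.rb should use one spelling.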
Index: .
|
|
|
b6bbea |
===================================================================
|
|
|
b6bbea |
--- . (revision 48161)
|
|
|
b6bbea |
+++ . (revision 48162)
|
|
|
b6bbea |
|
|
|
b6bbea |
Property changes on: .
|
|
|
b6bbea |
___________________________________________________________________
|
|
|
b6bbea |
Modified: svn:mergeinfo
|
|
|
b6bbea |
Merged /trunk:r48161
|