From 4c439e9facdb9b2c7eb2709ce709adc60f469111 Mon Sep 17 00:00:00 2001 From: Alan Davis Date: Sat, 1 Feb 2014 20:05:48 +0000 Subject: [PATCH] MNT-10589: Merged V4.2-BUG-FIX (4.2.2) to V4.2.1 (4.2.1) 60891: Merged BRANCHES/DEV/V4.1-BUG-FIX to BRANCHES/DEV/V4.2-BUG-FIX: 60889: Merged BRANCHES/DEV/V3.4-BUG-FIX to BRANCHES/DEV/V4.1-BUG-FIX: 60873: MNT-10560: Security: The Apache Xerces XML parser exposes security vulnerabilities 60876: MNT-10560: Security: The Apache Xerces XML parser exposes security vulnerabilities 60887: MNT-10560: Security: The Apache Xerces XML parser exposes security vulnerabilities git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/PATCHES/V4.2.1/root@60909 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- source/java/org/alfresco/web/forms/FormDataFunctions.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/source/java/org/alfresco/web/forms/FormDataFunctions.java b/source/java/org/alfresco/web/forms/FormDataFunctions.java index 1c46483ca5..a1838ac924 100644 --- a/source/java/org/alfresco/web/forms/FormDataFunctions.java +++ b/source/java/org/alfresco/web/forms/FormDataFunctions.java @@ -30,6 +30,7 @@ import org.alfresco.model.WCMAppModel; import org.alfresco.repo.domain.PropertyValue; import org.alfresco.service.cmr.avm.AVMNodeDescriptor; import org.alfresco.service.cmr.remote.AVMRemote; +import org.alfresco.util.XMLUtil; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.w3c.dom.Document; @@ -147,10 +148,8 @@ public class FormDataFunctions DocumentBuilderFactory localDbf = dbf.get(); if (localDbf == null) { - localDbf = DocumentBuilderFactory.newInstance(); + localDbf = XMLUtil.getDocumentBuilderFactory(true, false); } - localDbf.setNamespaceAware(true); - localDbf.setValidating(false); dbf.set(localDbf); DocumentBuilder builder = localDbf.newDocumentBuilder(); result = builder.parse(is);