diff --git a/source/java/org/alfresco/repo/web/scripts/bean/ADMRemoteStore.java b/source/java/org/alfresco/repo/web/scripts/bean/ADMRemoteStore.java index 78598ad581..ae853571bd 100644 --- a/source/java/org/alfresco/repo/web/scripts/bean/ADMRemoteStore.java +++ b/source/java/org/alfresco/repo/web/scripts/bean/ADMRemoteStore.java @@ -70,6 +70,7 @@ import org.alfresco.service.cmr.site.SiteInfo; import org.alfresco.service.cmr.site.SiteService; import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.namespace.QName; +import org.alfresco.util.XMLUtil; import org.apache.axis.utils.ByteArrayOutputStream; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -391,7 +392,7 @@ public class ADMRemoteStore extends BaseRemoteStore { try { - DocumentBuilder documentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + DocumentBuilder documentBuilder = XMLUtil.getDocumentBuilderFactory(true, false).newDocumentBuilder(); Document document; document = documentBuilder.parse(in); Element docEl = document.getDocumentElement(); diff --git a/source/java/org/alfresco/repo/web/scripts/bean/AVMRemoteStore.java b/source/java/org/alfresco/repo/web/scripts/bean/AVMRemoteStore.java index 015857704b..a782e39a57 100644 --- a/source/java/org/alfresco/repo/web/scripts/bean/AVMRemoteStore.java +++ b/source/java/org/alfresco/repo/web/scripts/bean/AVMRemoteStore.java @@ -47,6 +47,7 @@ import org.alfresco.service.cmr.repository.ContentIOException; import org.alfresco.service.cmr.repository.ContentReader; import org.alfresco.service.cmr.repository.ContentWriter; import org.alfresco.service.cmr.search.SearchService; +import org.alfresco.util.XMLUtil; import org.apache.axis.utils.ByteArrayOutputStream; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -288,7 +289,7 @@ public class AVMRemoteStore extends BaseRemoteStore try { Set checkedPaths = new HashSet(16); - DocumentBuilder documentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + DocumentBuilder documentBuilder = XMLUtil.getDocumentBuilder(); Document document = documentBuilder.parse(in); Element docEl = document.getDocumentElement(); Transformer transformer = AVMRemoteStore.this.transformer.get(); diff --git a/source/java/org/alfresco/repo/webdav/WebDAVMethod.java b/source/java/org/alfresco/repo/webdav/WebDAVMethod.java index 2fe8d282fd..3549363e89 100644 --- a/source/java/org/alfresco/repo/webdav/WebDAVMethod.java +++ b/source/java/org/alfresco/repo/webdav/WebDAVMethod.java @@ -67,6 +67,7 @@ import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.NamespaceService; import org.alfresco.service.transaction.TransactionService; import org.alfresco.util.TempFileProvider; +import org.alfresco.util.XMLUtil; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.dom4j.DocumentHelper; @@ -533,19 +534,7 @@ public abstract class WebDAVMethod try { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setFeature("http://xml.org/sax/features/validation", false); - factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); - factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); - factory.setFeature("http://xml.org/sax/features/external-general-entities", false); - factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - factory.setFeature("http://xml.org/sax/features/use-entity-resolver2", false); - factory.setFeature("http://apache.org/xml/features/validation/unparsed-entity-checking", false); - factory.setFeature("http://apache.org/xml/features/validation/dynamic", false); - factory.setFeature("http://apache.org/xml/features/validation/schema/augment-psvi", false); - factory.setNamespaceAware(true); - - DocumentBuilder builder = factory.newDocumentBuilder(); + DocumentBuilder builder = XMLUtil.getDocumentBuilderFactory(true, false).newDocumentBuilder(); if (m_request.getCharacterEncoding() == null) { // Let the XML parser work out the encoding if it is not explicitly declared in the HTTP header