mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-06-30 18:15:39 +00:00
e31ea91e51
35224: ALF-12038: Remove trailing JSON comma causing IE7 script error
35226: ALF-13401 - Saving PowerPoint (mac 2011) via CIFS fails in Mac OS X Lion
35239: ALF-13409: Further fix to deal with concurrent deletion of a user's site invitations in background
35245: ALF-13281: Enabled use of autocomplete in IE for forms runtime. This change also allows multiple events to be attached per validation handler
35253: ALF-13640: Fixed issues with updating task associations + added new test + fixed existing activiti-component-tests
35271: Translation updates (fixes: ALF-13434) - based on EN r35212. (Dutch still to follow)
35281: ALF-13227: Fix CSS for Wiki layout of nested lists
35284: SPANISH: Update from Gloria
35290: More debug + unit test for mac powerpoint shuffle.
35291: Added isTemporary method
35295: ALF-13453 : Remote Code Execution (can create reverse shell).
- Added ability for XMLUtil parse callers to provide an optional array of XMLFilterImpl to be used while parsing.
-Added secureParseXSL methods that automatically install an XMLFilterImpl that causes a parse failure if any insecure namespaces are encountered.
35303: Fix for ALF-12444 Node Browser improvement: Index single node and remove single node from indexes
Part of ALF-13723 SOLR does not include the same query unit tests as lucene
35305: ALF-13723 SOLR does not include the same query unit tests as lucene
- test template
35306: ALF-13723 SOLR does not include the same query unit tests as lucene
- template for creating test cores
35323: ALF-13420: Natural sort on form option labels and improvement for CSS - specifically to address transform action in document details.
35328: ALF-13409: Avoid concurrency issues in unit test tear downs by deleting users before sites. User deletion deletes invitations synchronously. Site deletion deletes invitations concurrently to avoid UI timeouts. The potential to access invitations that are being concurrently deleted still exists, but always did!
35331: ALF-12126: Ensure that DND upload is disabled for users with only consumer access
35335: ALF-13708: Merged V3.4-BUG-FIX (3.4.10) to V4.0-BUG-FIX (4.0.2)
35235: ALF-13673: Amp-loaded duplicated mimetypes should be handled
- Modified code to allow duplicates to replace parts of the existing mimetype definitions.
- A warning is logged each time.
35336: Spanish and Dutch updates from Gloria, based on EN r35212
35355: Merged V3.4-BUG-FIX to V4.0-BUG-FIX
35213: ALF-13686: Merged PATCHES/V3.4.8 to V3.4-BUG-FIX
34943: ALF-13121: Option to create users either as user1 or user1@domain.com after kerberos authentication
- New Kerberos subsystem parameter kerberos.authentication.stripUsernameSuffix introduced
- When true (the default) the @domain sufix will be stripped from Kerberos authenticated usernames in CIFS, SPP, WebDAV and the Web Client
- When false, should enable a multi-domain customer to use Alfresco (says Mr Gninot)
35096: ALF-13121: Added missing stripKerberosUsernameSuffix property to sharepointAuthenticationHandler
35215: ALF-13065: Ensure Wiki new page save button is available on HTML edit action
35219: ALF-11898: Fixed TinyMCE create HTML content problem for Explorer client
35261: Translation updates based on EN r35144
35339: AD 2008 R2, user import via LDAP fails with over 1000 users
- Problem discovered by Community user with simple workaround
https://forums.alfresco.com/en/viewtopic.php?f=57&t=43960&sid=5569e5cfbccb3776e11ef4a8e9d50378&p=129664#p129664
35353: Merged V3.4 to V3.4-BUG-FIX
35279: ALF-13713: Merged PATCHES/V3.4.8 to V3.4
35146: Merged DEV to PATCHES/V3.4.8
35130: ALF-13472: Webdav Does not allow a user to access spaces without read permission on parent spaces
Receiving of indirect lock is wrapped into AuthenticationUtil.runAs() invocation to provide a possibility of getting indirect lock for users with appropriate access rights for requested resource
35280: ALF-10353: Internet Explorer hangs when using the object picker with a larger number of documents
- reviewed by DD
35318: ALF-13715: Merged HEAD to V3.4
31743: Fixed ALF-10157: Web Form Details page for the "Selected Web Content Forms": script error appears on help button click: container.jsp (line 382)
35341: ALF-13552: Merged V4.0 to V3.4
35296: ALF-13453: Remote Code Execution (can create reverse shell) - Fix by Shane
35304: ALF-13453: Extra fix to ensure xalan namespace isn't declared with global scope and can't be hijacked by an input stylesheet
35307: ALF-13453: Duplicated extra fix to duplicate code in XSLTRenderingEngine!
35354: Merged V3.4 to V3.4-BUG-FIX (RECORD ONLY)
35266: Merged V3.4-BUG-FIX to V3.4
35261: Translation updates based on EN r35144
35334: Merged V3.4-BUG-FIX to V3.4
35235: ALF-13673: Amp-loaded duplicated mimetypes should be handled
- Modified code to allow duplicates to replace parts of the existing mimetype definitions.
- A warning is logged each time.
35356: Merged V4.0 to V4.0-BUG-FIX
35292: ALF-13721: Merged PATCHES/V4.0.0 to V4.0
35240: Fix for ALF-13685 The SOLr textContent webscript is not protected by authentication and permission checks.
35242: Fix for ALF-13685 The SOLr textContent webscript is not protected by authentication and permission checks.
- /wcs/api/solr and /wcservice/api/solr
35304: ALF-13453: Extra fix to ensure xalan namespace isn't declared with global scope and can't be hijacked by an input stylesheet
35307: ALF-13453: Duplicated extra fix to duplicate code in XSLTRenderingEngine!
35357: Merged V4.0 to V4.0-BUG-FIX (RECORD ONLY)
35048: Merged V4.0-BUG-FIX to V4.0
35031: Fix for ALF-12309: Script errors on site pages
35293: Merged V4.0-BUG-FIX to V4.0
35172: ALF-13626: category.put.json.ftl has wrong bracket
35296: Merged V4.0-BUG-FIX to V4.0
35295: ALF-13453: Remote Code Execution (can create reverse shell)
- Fix by Shane
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@35359 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
548 lines
16 KiB
Java
548 lines
16 KiB
Java
/*
|
|
* Copyright (C) 2005-2010 Alfresco Software Limited.
|
|
*
|
|
* This file is part of Alfresco
|
|
*
|
|
* Alfresco is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* Alfresco is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package org.alfresco.util;
|
|
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.CharArrayReader;
|
|
import java.io.File;
|
|
import java.io.FileInputStream;
|
|
import java.io.FileWriter;
|
|
import java.io.IOException;
|
|
import java.io.InputStream;
|
|
import java.io.Reader;
|
|
import java.io.StringWriter;
|
|
import java.io.Writer;
|
|
import java.util.LinkedList;
|
|
import java.util.List;
|
|
|
|
import javax.xml.parsers.DocumentBuilder;
|
|
import javax.xml.parsers.DocumentBuilderFactory;
|
|
import javax.xml.parsers.ParserConfigurationException;
|
|
import javax.xml.transform.OutputKeys;
|
|
import javax.xml.transform.Transformer;
|
|
import javax.xml.transform.TransformerException;
|
|
import javax.xml.transform.TransformerFactory;
|
|
import javax.xml.transform.dom.DOMResult;
|
|
import javax.xml.transform.dom.DOMSource;
|
|
import javax.xml.transform.sax.SAXTransformerFactory;
|
|
import javax.xml.transform.sax.TransformerHandler;
|
|
import javax.xml.transform.stream.StreamResult;
|
|
|
|
import org.alfresco.model.ContentModel;
|
|
import org.alfresco.service.cmr.avm.AVMService;
|
|
import org.alfresco.service.cmr.repository.ContentReader;
|
|
import org.alfresco.service.cmr.repository.ContentService;
|
|
import org.alfresco.service.cmr.repository.NodeRef;
|
|
import org.apache.commons.logging.Log;
|
|
import org.apache.commons.logging.LogFactory;
|
|
import org.w3c.dom.Attr;
|
|
import org.w3c.dom.Document;
|
|
import org.w3c.dom.Element;
|
|
import org.w3c.dom.Node;
|
|
import org.w3c.dom.NodeList;
|
|
import org.w3c.dom.Text;
|
|
import org.xml.sax.Attributes;
|
|
import org.xml.sax.InputSource;
|
|
import org.xml.sax.SAXException;
|
|
import org.xml.sax.XMLFilter;
|
|
import org.xml.sax.XMLReader;
|
|
import org.xml.sax.helpers.XMLFilterImpl;
|
|
import org.xml.sax.helpers.XMLReaderFactory;
|
|
|
|
/**
|
|
* XML utility functions.
|
|
*
|
|
* @author Ariel Backenroth
|
|
*/
|
|
public class XMLUtil
|
|
{
|
|
private static final Log LOGGER = LogFactory.getLog(XMLUtil.class);
|
|
|
|
/** utility function for creating a document */
|
|
public static Document newDocument()
|
|
{
|
|
return XMLUtil.getDocumentBuilder().newDocument();
|
|
}
|
|
|
|
/** utility function for serializing a node */
|
|
public static void print(final Node n, final Writer output)
|
|
{
|
|
XMLUtil.print(n, output, true);
|
|
}
|
|
|
|
/** utility function for serializing a node */
|
|
public static void print(final Node n, final Writer output, final boolean indent)
|
|
{
|
|
try
|
|
{
|
|
final TransformerFactory tf = TransformerFactory.newInstance();
|
|
final Transformer t = tf.newTransformer();
|
|
t.setOutputProperty(OutputKeys.INDENT, indent ? "yes" : "no");
|
|
t.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
|
|
t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "no");
|
|
t.setOutputProperty(OutputKeys.METHOD, "xml");
|
|
if (LOGGER.isDebugEnabled())
|
|
{
|
|
LOGGER.debug("writing out a document for " +
|
|
(n instanceof Document
|
|
? ((Document)n).getDocumentElement()
|
|
: n).getNodeName() +
|
|
" to " + (output instanceof StringWriter
|
|
? "string"
|
|
: output));
|
|
}
|
|
t.transform(new DOMSource(n), new StreamResult(output));
|
|
}
|
|
catch (TransformerException te)
|
|
{
|
|
te.printStackTrace();
|
|
assert false : te.getMessage();
|
|
}
|
|
}
|
|
|
|
/** utility function for serializing a node */
|
|
public static void print(final Node n, final File output)
|
|
throws IOException
|
|
{
|
|
XMLUtil.print(n, new FileWriter(output));
|
|
}
|
|
|
|
/** utility function for serializing a node */
|
|
public static String toString(final Node n)
|
|
{
|
|
return XMLUtil.toString(n, true);
|
|
}
|
|
|
|
/** utility function for serializing a node */
|
|
public static String toString(final Node n, final boolean indent)
|
|
{
|
|
final StringWriter result = new StringWriter();
|
|
XMLUtil.print(n, result, indent);
|
|
return result.toString();
|
|
}
|
|
|
|
/** utility function for parsing xml */
|
|
public static Document parse(final String source, final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return XMLUtil.parse(new CharArrayReader(source.toCharArray()), filters);
|
|
}
|
|
|
|
public static Document secureParseXSL (final String source, final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return parse(new CharArrayReader(source.toCharArray()), addSecurityFilter(filters));
|
|
}
|
|
|
|
/** utility function for parsing xml */
|
|
public static Document parse(final NodeRef nodeRef,
|
|
final ContentService contentService,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
final ContentReader contentReader =
|
|
contentService.getReader(nodeRef, ContentModel.TYPE_CONTENT);
|
|
final InputStream in = contentReader.getContentInputStream();
|
|
return XMLUtil.parse(in, filters);
|
|
}
|
|
|
|
public static Document secureParseXSL(final NodeRef nodeRef,
|
|
final ContentService contentService,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
final ContentReader contentReader =
|
|
contentService.getReader(nodeRef, ContentModel.TYPE_CONTENT);
|
|
final InputStream in = contentReader.getContentInputStream();
|
|
return parse(in, addSecurityFilter(filters));
|
|
}
|
|
|
|
/** utility function for parsing xml */
|
|
public static Document parse(final int version,
|
|
final String path,
|
|
final AVMService avmService,
|
|
final XMLFilter...filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return XMLUtil.parse(avmService.getFileInputStream(version, path), filters);
|
|
}
|
|
|
|
public static Document secureParseXSL(final int version,
|
|
final String path,
|
|
final AVMService avmService,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return parse(avmService.getFileInputStream(version, path), addSecurityFilter(filters));
|
|
}
|
|
|
|
/** utility function for parsing xml */
|
|
public static Document parse(final File source,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return XMLUtil.parse(new FileInputStream(source), filters);
|
|
}
|
|
|
|
public static Document secureParseXSL(final File source,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return parse(new FileInputStream(source), addSecurityFilter(filters));
|
|
}
|
|
|
|
private static Document parseWithXMLFilters(final InputSource source,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return parseWithXMLFilters(source, false, filters);
|
|
}
|
|
|
|
private static Document parseWithXMLFilters(final InputSource source,
|
|
final boolean validating,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
TransformerFactory tf = TransformerFactory.newInstance();
|
|
// Check to make sure this is a SAX TransformerFactory
|
|
if (!tf.getFeature(SAXTransformerFactory.FEATURE))
|
|
{
|
|
throw new SAXException("SAX Transformation factory not found.");
|
|
}
|
|
// Cast to appropriate factory class
|
|
SAXTransformerFactory stf = (SAXTransformerFactory) tf;
|
|
final DocumentBuilder db = XMLUtil.getDocumentBuilder(true, validating);
|
|
|
|
if (filters == null || filters.length == 0)
|
|
{
|
|
// No filters. Process this as normal.
|
|
return db.parse(source);
|
|
}
|
|
else
|
|
{
|
|
// Process with filters
|
|
try
|
|
{
|
|
final Document doc = db.newDocument();
|
|
final TransformerHandler th = stf.newTransformerHandler();
|
|
// Specify transformation to DOMResult with empty Node container (Document)
|
|
th.setResult(new DOMResult(doc));
|
|
XMLReader reader = XMLReaderFactory.createXMLReader();
|
|
|
|
//emulate what the document builder parser supports
|
|
//all readers are required to support namespaces and namespace-prefixes
|
|
reader.setFeature("http://xml.org/sax/features/namespaces", db.isNamespaceAware());
|
|
reader.setFeature("http://xml.org/sax/features/namespace-prefixes", db.isNamespaceAware() ? true : false);
|
|
|
|
// Chain multiple filters together
|
|
int i = 0;
|
|
XMLFilter filter = null;
|
|
for (XMLFilter f : filters)
|
|
{
|
|
// there can be no null in the filter list
|
|
if (f == null)
|
|
throw new SAXException("Nulls are not allowed in XML filter list.");
|
|
// if first item then set new reader
|
|
if (i == 0)
|
|
f.setParent(reader);
|
|
else
|
|
// set parent filter to previous element in the array
|
|
f.setParent(filters[i - 1]);
|
|
|
|
filter = f;
|
|
i++;
|
|
}
|
|
//not sure how filter could be null
|
|
if (filter != null)
|
|
{
|
|
filter.setContentHandler(th);
|
|
filter.parse(source);
|
|
try
|
|
{
|
|
//try to activate/deactivate validation
|
|
filter.setFeature("http://xml.org/sax/features/validation", db.isValidating());
|
|
}
|
|
catch (SAXException se)
|
|
{
|
|
LOGGER.warn("XML reader does not support validation feature.", se);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
//not sure how we could get here
|
|
throw new SAXException("No XML filters available to process this request.");
|
|
}
|
|
if (LOGGER.isDebugEnabled()) {
|
|
StringWriter writer = new StringWriter();
|
|
XMLUtil.print(doc, writer);
|
|
LOGGER.debug(writer);
|
|
}
|
|
return doc;
|
|
}
|
|
catch (TransformerException tce)
|
|
{
|
|
throw new SAXException(tce);
|
|
}
|
|
}
|
|
}
|
|
|
|
/** utility function for parsing xml */
|
|
public static Document parse(final InputStream source, final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
try
|
|
{
|
|
return parseWithXMLFilters(new InputSource(source), filters);
|
|
}
|
|
finally
|
|
{
|
|
source.close();
|
|
}
|
|
}
|
|
|
|
/** secure parse for InputStream source */
|
|
public static Document secureParseXSL(final InputStream source,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return parse(source, addSecurityFilter(filters));
|
|
}
|
|
|
|
/** utility function for parsing xml */
|
|
public static Document parse(final Reader source,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
try
|
|
{
|
|
return parseWithXMLFilters(new InputSource(source), filters);
|
|
}
|
|
finally
|
|
{
|
|
source.close();
|
|
}
|
|
}
|
|
|
|
/** secure parse for Reader source **/
|
|
public static Document secureParseXSL(final Reader source,
|
|
final XMLFilter... filters)
|
|
throws SAXException,
|
|
IOException
|
|
{
|
|
return parse(source, addSecurityFilter(filters));
|
|
}
|
|
|
|
/** provides a document builder that is namespace aware but not validating by default */
|
|
public static DocumentBuilder getDocumentBuilder()
|
|
{
|
|
return XMLUtil.getDocumentBuilder(true, false);
|
|
}
|
|
|
|
/**
|
|
* FOR DIAGNOSTIC PURPOSES ONLY - incomplete<br/>
|
|
* Builds a path to the node relative to the to node provided.
|
|
* @param from the node from which to build the xpath
|
|
* @param to an ancestor of <tt>from</tt> which will be the root of the path
|
|
* @return an xpath to <tt>to</tt> rooted at <tt>from</tt>.
|
|
*/
|
|
public static String buildXPath(final Node from, final Element to)
|
|
{
|
|
String result = "";
|
|
Node tmp = from;
|
|
do
|
|
{
|
|
if (tmp instanceof Attr)
|
|
{
|
|
assert result.length() == 0;
|
|
result = "@" + tmp.getNodeName();
|
|
}
|
|
else if (tmp instanceof Element)
|
|
{
|
|
Node tmp2 = tmp;
|
|
int position = 1;
|
|
while (tmp2.getPreviousSibling() != null)
|
|
{
|
|
if (tmp2.getNodeName().equals(tmp.getNodeName()))
|
|
{
|
|
position++;
|
|
}
|
|
tmp2 = tmp2.getPreviousSibling();
|
|
}
|
|
String part = tmp.getNodeName() + "[" + position + "]";
|
|
result = "/" + part + result;
|
|
}
|
|
else if (tmp instanceof Text)
|
|
{
|
|
assert result.length() == 0;
|
|
result = "/text()";
|
|
}
|
|
else
|
|
{
|
|
if (LOGGER.isDebugEnabled())
|
|
{
|
|
throw new IllegalArgumentException("unsupported node type " + tmp);
|
|
}
|
|
}
|
|
tmp = tmp.getParentNode();
|
|
}
|
|
while (tmp != to.getParentNode() && tmp != null);
|
|
return result;
|
|
}
|
|
|
|
public static DocumentBuilder getDocumentBuilder(final boolean namespaceAware,
|
|
final boolean validating)
|
|
{
|
|
try
|
|
{
|
|
final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
|
dbf.setNamespaceAware(namespaceAware);
|
|
dbf.setValidating(validating);
|
|
return dbf.newDocumentBuilder();
|
|
}
|
|
catch (ParserConfigurationException pce)
|
|
{
|
|
LOGGER.error(pce);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Provides a NodeList of multiple nodelists
|
|
*/
|
|
public static NodeList combine(final NodeList... nls)
|
|
{
|
|
|
|
return new NodeList()
|
|
{
|
|
public Node item(final int index)
|
|
{
|
|
int offset = 0;
|
|
for (int i = 0; i < nls.length; i++)
|
|
{
|
|
if (index - offset < nls[i].getLength())
|
|
{
|
|
return nls[i].item(index - offset);
|
|
}
|
|
else
|
|
{
|
|
offset += nls[i].getLength();
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
public int getLength()
|
|
{
|
|
int result = 0;
|
|
for (int i = 0; i < nls.length; i++)
|
|
{
|
|
result += nls[i].getLength();
|
|
}
|
|
return result;
|
|
}
|
|
};
|
|
}
|
|
|
|
/**
|
|
* returns a new array of filters with the security filter at the head of the array
|
|
*/
|
|
private static XMLFilter[] addSecurityFilter(XMLFilter...filters) {
|
|
if (filters == null || filters.length == 0) {
|
|
return new XMLFilter[] {new FastFailSecureXMLFilter()};
|
|
} else {
|
|
XMLFilter[] xmlfilters = new XMLFilter[filters.length + 1];
|
|
xmlfilters[0] = new FastFailSecureXMLFilter();
|
|
System.arraycopy(filters, 0, xmlfilters, 1, filters.length);
|
|
return xmlfilters;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* XMLFilter that throws an exception when it comes across any insecure namespaces
|
|
*/
|
|
private static class FastFailSecureXMLFilter extends XMLFilterImpl
|
|
{
|
|
|
|
private static final List<String> insecureURIs = new LinkedList<String>()
|
|
{
|
|
private static final long serialVersionUID = 1L;
|
|
|
|
{
|
|
add("xalan://");
|
|
add("http://xml.apache.org/xalan/java");
|
|
add("http://xml.apache.org/xslt/java");
|
|
add("http://xml.apache.org/java");
|
|
}
|
|
};
|
|
|
|
public FastFailSecureXMLFilter()
|
|
{
|
|
};
|
|
|
|
public void startPrefixMapping(String prefix, String uri)
|
|
throws SAXException
|
|
{
|
|
if (isInsecureURI(uri))
|
|
{
|
|
throw new SAXException("Insecure namespace: " + uri);
|
|
}
|
|
super.startPrefixMapping(prefix, uri);
|
|
}
|
|
|
|
|
|
public void startElement (String uri,
|
|
String localName,
|
|
String qName,
|
|
final Attributes atts)
|
|
throws SAXException
|
|
{
|
|
|
|
if (isInsecureURI(uri))
|
|
{
|
|
throw new SAXException("Insecure namespace: " + uri);
|
|
}
|
|
super.startElement(uri, localName, qName, atts);
|
|
}
|
|
|
|
private boolean isInsecureURI(String uri)
|
|
{
|
|
for (String insecureURI : insecureURIs)
|
|
{
|
|
if (uri.startsWith(insecureURI)) return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
}
|
|
}
|