author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-05-18 14:55:14 +0000 |
---|---|---|
committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-05-18 14:55:14 +0000 |
commit | eca9bf617ab517b73598f449388b543d19c72b7d (patch) | |
tree | 361e9c6e2067cd3cb9355fe4b63afb1d884fe3d0 | |
parent | 2ac236dcbd90bd33bfeac4f699763c3baef4038e (diff) |
merge revision(s) 39384,39509,39511: [Backport #7961]
* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit):
new attribute to read/write entity expansion text limit. the default
limit is 10Kb.
* lib/rexml/text.rb (REXML::Text.unnormalize): check above attribute.
* lib/rexml/document.rb: move entity_expansion_limit accessor to ...
* lib/rexml/rexml.rb: ... here to make rexml/text independent from
REXML::Document. It causes circular require.
* lib/rexml/document.rb (REXML::Document.entity_expansion_limit):
deprecated.
* lib/rexml/document.rb (REXML::Document.entity_expansion_limit=):
deprecated.
* lib/rexml/text.rb: add missing require "rexml/rexml" for
REXML.entity_expansion_limit.
Reported by Robert Ulejczyk. Thanks!!! [ruby-core:52895] [Bug #7961]
* lib/rexml/document.rb: move entity_expansion_text_limit accessor to ...
* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit):
* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit=):
REXML.entity_expansion_text_limit.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@40812 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 21 | ||||
-rw-r--r-- | lib/rexml/document.rb | 14 | ||||
-rw-r--r-- | lib/rexml/rexml.rb | 12 | ||||
-rw-r--r-- | lib/rexml/text.rb | 53 | ||||
-rw-r--r-- | version.h | 12 |
5 files changed, 79 insertions, 33 deletions
@@ -1,3 +1,24 @@ +Sat May 18 23:34:50 2013 Kouhei Sutou <kou@cozmixng.org> + + * lib/rexml/document.rb: move entity_expansion_text_limit accessor to ... + * lib/rexml/rexml.rb: ... here to make rexml/text independent from + REXML::Document. It causes circular require. + * lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit): + deprecated. + * lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit=): + deprecated. + * lib/rexml/text.rb: add missing require "rexml/rexml" for + REXML.entity_expansion_text_limit. + Reported by Robert Ulejczyk. Thanks!!! [ruby-core:52895] [Bug #7961] + +Sat May 18 23:34:50 2013 Aaron Patterson <aaron@tenderlovemaking.com> + + * lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit): + new attribute to read/write entity expansion text limit. the default + limit is 10Kb. + + * lib/rexml/text.rb (REXML::Text.unnormalize): check above attribute. + Fri Oct 12 12:25:15 2012 URABE Shyouhei <shyouhei@ruby-lang.org> * error.c (name_err_to_s): we need not infect msg. diff --git a/lib/rexml/document.rb b/lib/rexml/document.rb index 3d1300a06b..16a2c77281 100644 --- a/lib/rexml/document.rb +++ b/lib/rexml/document.rb @@ -213,6 +213,20 @@ module REXML return @@entity_expansion_limit end + # Set the entity expansion limit. By default the limit is set to 10240. + # + # Deprecated. Use REXML.entity_expansion_text_limit= instead. + def Document::entity_expansion_text_limit=( val ) + REXML.entity_expansion_text_limit = val + end + + # Get the entity expansion limit. By default the limit is set to 10000. + # + # Deprecated. Use REXML.entity_expansion_text_limit instead. + def Document::entity_expansion_text_limit + return REXML.entity_expansion_text_limit + end + attr_reader :entity_expansion_count def record_entity_expansion diff --git a/lib/rexml/rexml.rb b/lib/rexml/rexml.rb index 95bc2a7f6d..8845300176 100644 --- a/lib/rexml/rexml.rb +++ b/lib/rexml/rexml.rb 
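Review bot: In the lib/rexml/document.rb hunk, the comment on the deprecated getter `Document::entity_expansion_text_limit` gives the default as 10000, while the setter's comment and the `@@entity_expansion_text_limit = 10_240` initialiser in lib/rexml/rexml.rb both say 10240. Both comments also call the value "the entity expansion limit", which is the name of the separate `entity_expansion_limit` accessor whose tail is the context at the top of this hunk. I would write `# Get the entity expansion text limit, in bytes. By default the limit is set to 10240.` on the getter and use the same wording on the setter, so that anyone tuning this guard does not confuse the two settings.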
@@ -29,4 +29,16 @@ module REXML Copyright = COPYRIGHT Version = VERSION + + @@entity_expansion_text_limit = 10_240 + + # Set the entity expansion limit. By default the limit is set to 10240. + def self.entity_expansion_text_limit=( val ) + @@entity_expansion_text_limit = val + end + + # Get the entity expansion limit. By default the limit is set to 10240. + def self.entity_expansion_text_limit + return @@entity_expansion_text_limit + end end diff --git a/lib/rexml/text.rb b/lib/rexml/text.rb index a4a30b6d54..b6dbf45bc9 100644 --- a/lib/rexml/text.rb +++ b/lib/rexml/text.rb @@ -1,3 +1,4 @@ +require 'rexml/rexml' require 'rexml/entity' require 'rexml/doctype' require 'rexml/child' 
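Review bot: The new `REXML.entity_expansion_text_limit=` in lib/rexml/rexml.rb stores whatever it is given, so `nil` or a non-numeric value is accepted silently and only fails later, at the `sum + s.bytesize > REXML.entity_expansion_text_limit` comparison inside `Text.unnormalize`. Because the value lives in a module-level `@@` variable, it is shared by every parser in the process, and one caller raising it weakens the guard for all of them. Neither comment states the unit or that scope. I would document it as `# Maximum number of bytes of replacement text a single Text.unnormalize call may produce; process-wide. Default 10240.` and consider rejecting non-Integer or negative values in the setter.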
@@ -308,37 +309,35 @@ module REXML # Unescapes all possible entities def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil ) - rv = string.clone - rv.gsub!( /\r\n?/, "\n" ) - matches = rv.scan( REFERENCE ) - return rv if matches.size == 0 - rv.gsub!( NUMERICENTITY ) {|m| - m=$1 - m = "0#{m}" if m[0] == ?x - [Integer(m)].pack('U*') + sum = 0 + string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) { + s = Text.expand($&, doctype, filter) + if sum + s.bytesize > REXML.entity_expansion_text_limit + raise "entity expansion has grown too large" + else + sum += s.bytesize + end + s } - matches.collect!{|x|x[0]}.compact! - if matches.size > 0 - if doctype - matches.each do |entity_reference| - unless filter and filter.include?(entity_reference) - entity_value = doctype.entity( entity_reference ) - re = /&#{entity_reference};/ - rv.gsub!( re, entity_value ) if entity_value - end - end + end + + def Text.expand(ref, doctype, filter) + if ref[1] == ?# + if ref[2] == ?x + [ref[3...-1].to_i(16)].pack('U*') else - matches.each do |entity_reference| - unless filter and filter.include?(entity_reference) - entity_value = DocType::DEFAULT_ENTITIES[ entity_reference ] - re = /&#{entity_reference};/ - rv.gsub!( re, entity_value.value ) if entity_value - end - end + [ref[2...-1].to_i].pack('U*') end - rv.gsub!( /&/, '&' ) + elsif ref == '&' + '&' + elsif filter and filter.include?( ref[1...-1] ) + ref + elsif doctype + doctype.entity( ref[1...-1] ) or ref + else + entity_value = DocType::DEFAULT_ENTITIES[ ref[1...-1] ] + entity_value ? entity_value.value : ref end - rv end end end 
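Review bot: In `Text::unnormalize`, `sum` starts at 0 on every call, so the new limit bounds the replacement text produced by one call rather than by a whole document; whether something else bounds the document-wide total is not visible in this hunk. The running total also counts references that `Text.expand` returns unchanged (the `filter` hit and the unknown-entity fallbacks return `ref`), so text with many unexpanded references can reach the limit as well. The failure is raised as a bare string, `raise "entity expansion has grown too large"`, which callers can only rescue as a generic RuntimeError. I would state this on the method, for example `# Raises RuntimeError when the replacement text produced by this call exceeds REXML.entity_expansion_text_limit bytes.`, and include the limit in the message so that a rejected input can be told apart from other parse failures in logs.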
@@ -1,15 +1,15 @@ #define RUBY_VERSION "1.8.7" -#define RUBY_RELEASE_DATE "2012-10-12" +#define RUBY_RELEASE_DATE "2013-05-18" #define RUBY_VERSION_CODE 187 -#define RUBY_RELEASE_CODE 20121012 -#define RUBY_PATCHLEVEL 371 +#define RUBY_RELEASE_CODE 20130518 +#define RUBY_PATCHLEVEL 372 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 #define RUBY_VERSION_TEENY 7 -#define RUBY_RELEASE_YEAR 2012 -#define RUBY_RELEASE_MONTH 10 -#define RUBY_RELEASE_DAY 12 +#define RUBY_RELEASE_YEAR 2013 +#define RUBY_RELEASE_MONTH 5 +#define RUBY_RELEASE_DAY 18 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; |