-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | lib/rexml/document.rb | 4 | ||||
-rw-r--r-- | lib/rexml/entity.rb | 1 | ||||
-rw-r--r-- | test/rexml/test_document.rb | 53 | ||||
-rw-r--r-- | version.h | 6 |
5 files changed, 65 insertions, 4 deletions
@@ -1,3 +1,8 @@ +Thu Nov 13 22:32:34 2014 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org> + + * lib/rexml/document.rb: add REXML::Document#document. + reported by Tomas Hoger <thoger@redhat.com> and patched by nahi. + Thu Nov 6 22:57:43 2014 Naohisa Goto <ngotogenome@gmail.com> * bignum.c (absint_numwords_generic): set an array element after diff --git a/lib/rexml/document.rb b/lib/rexml/document.rb index 1e18263dda..f92eb62d95 100644 --- a/lib/rexml/document.rb +++ b/lib/rexml/document.rb @@ -278,6 +278,10 @@ module REXML end end + def document + self + end + private def build( source ) Parsers::TreeParser.new( source, self ).parse diff --git a/lib/rexml/entity.rb b/lib/rexml/entity.rb index f447202394..3a35ec6b94 100644 --- a/lib/rexml/entity.rb +++ b/lib/rexml/entity.rb @@ -157,6 +157,7 @@ module REXML # This is a set of entity constants -- the ones defined in the XML # specification. These are +gt+, +lt+, +amp+, +quot+ and +apos+. + # CAUTION: these entities does not have parent and document module EntityConst # +>+ GT = Entity.new( 'gt', '>' ) diff --git a/test/rexml/test_document.rb b/test/rexml/test_document.rb index efdcf66b82..c5ac057e14 100644 --- a/test/rexml/test_document.rb +++ b/test/rexml/test_document.rb @@ -47,7 +47,23 @@ EOF </member> EOF - XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF + XML_WITH_NESTED_EMPTY_ENTITY = <<EOF +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE member [ + <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> + <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> + <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> + <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> + <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> + <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> + <!ENTITY g ""> +]> +<member> +&a; +</member> +EOF + + XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF <!DOCTYPE root [ <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM."> <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> 
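Review bot: The new `document` method in lib/rexml/document.rb has no comment, and nothing in the hunk says why a Document needs to return itself. Judging from the tests added in this commit, it appears to exist so that entity-expansion accounting can always reach the owning document, including while no root element exists yet; that is an inference and should be confirmed against the callers. I would add `# Returns self, so that entity expansions are counted against this document even before a root element exists.` above the definition. The enclosing class starts and ends outside the hunk.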
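Review bot: The caution added above EntityConst in lib/rexml/entity.rb states a limitation without its consequence, and "does not" should read "do not". If these constants are never attached to a document, their expansion presumably bypasses the per-document expansion count, and saying so tells a maintainer why the caution matters. Suggested wording: `# CAUTION: these entities do not have a parent or a document, so expanding them is not counted against any document's expansion limit.`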
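Review bot: XML_WITH_NESTED_EMPTY_ENTITY is added without a comment on what separates it from the neighbouring fixtures, and the same applies to XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY in the @@ -61,6 +77,20 hunk. In both, the innermost entity is the empty string, so the expanded text stays empty while the number of expansions multiplies at every level; a check on output size alone would never trip. I would put `# Nested entities that expand to "": only the expansion count, not the output size, can bound this input.` above each constant.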
@@ -61,6 +77,20 @@ EOF <cd></cd> EOF + XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY = <<EOF +<!DOCTYPE root [ + <!ENTITY % a ""> + <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> + <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> + <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> + <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> + <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> + <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> + <!ENTITY test "test %g;"> +]> +<cd></cd> +EOF + XML_WITH_4_ENTITY_EXPANSION = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ @@ -87,6 +117,18 @@ EOF end assert_equal(101, doc.entity_expansion_count) + doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + assert_equal(101, doc.entity_expansion_count) + REXML::Security.entity_expansion_limit = 4 doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) assert_equal("\na\na a\n<\n", doc.root.children.first.value) @@ -108,6 +150,15 @@ EOF assert_raise(REXML::ParseException) do REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) end + + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + end ensure REXML::Security.entity_expansion_limit = 10000 end 
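Review bot: The assertions added in the @@ -87,6 +117,18 hunk accept any RuntimeError, and those in the @@ -108,6 +150,15 hunk accept any REXML::ParseException, so both would still pass if the fixture failed for a reason unrelated to the expansion limit, such as a malformed DTD. Capturing the exception and checking its message would pin the cause, for example `e = assert_raise(RuntimeError) { doc.root.children.first.value }` followed by `assert_match(/entity expansion/, e.message)`; the pattern is a guess at the message text and needs checking against the library. The first RuntimeError block also has no `entity_expansion_count` assertion, unlike the second. Both test methods begin outside these hunks.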
@@ -1,10 +1,10 @@ #define RUBY_VERSION "2.1.5" -#define RUBY_RELEASE_DATE "2014-11-06" -#define RUBY_PATCHLEVEL 272 +#define RUBY_RELEASE_DATE "2014-11-13" +#define RUBY_PATCHLEVEL 273 #define RUBY_RELEASE_YEAR 2014 #define RUBY_RELEASE_MONTH 11 -#define RUBY_RELEASE_DAY 6 +#define RUBY_RELEASE_DAY 13 #include "ruby/version.h" |