[librsvg] io: Use XML_PARSE_NONET

From: Christian Persch <chpe src gnome org>
To: commits-list gnome org
Cc:
Subject: [librsvg] io: Use XML_PARSE_NONET
Date: Fri, 16 Aug 2013 12:49:10 +0000 (UTC)

commit d83e426fff3f6d0fa6042d0930fb70357db24125
Author: Christian Persch <chpe gnome org>
Date:   Mon Feb 11 22:36:30 2013 +0100

    io: Use XML_PARSE_NONET
    
    We don't want to load resources off the net.
    
    Bug #691708.

 rsvg-base.c |    3 +++
 rsvg-css.c  |    2 ++
 2 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/rsvg-base.c b/rsvg-base.c
index ed383d2..1f88479 100644
--- a/rsvg-base.c
+++ b/rsvg-base.c
@@ -572,6 +572,7 @@ rsvg_start_xinclude (RsvgHandle * ctx, RsvgPropertyBag * atts)
             goto fallback;
 
         xml_parser = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, ctx, NULL, 0, NULL);
+        xml_parser->options |= XML_PARSE_NONET;
 
         buffer = _rsvg_xml_input_buffer_new_from_stream (stream, NULL /* cancellable */, 
XML_CHAR_ENCODING_NONE, &err);
         g_object_unref (stream);
@@ -1111,6 +1112,7 @@ rsvg_handle_write_impl (RsvgHandle * handle, const guchar * buf, gsize count, GE
     if (handle->priv->ctxt == NULL) {
         handle->priv->ctxt = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, handle, NULL, 0,
                                                       rsvg_handle_get_base_uri (handle));
+        handle->priv->ctxt->options |= XML_PARSE_NONET;
 
         /* if false, external entities work, but internal ones don't. if true, internal entities
            work, but external ones don't. favor internal entities, in order to not cause a
@@ -1767,6 +1769,7 @@ rsvg_handle_read_stream_sync (RsvgHandle   *handle,
     if (priv->ctxt == NULL) {
         priv->ctxt = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, handle, NULL, 0,
                                               rsvg_handle_get_base_uri (handle));
+        priv->ctxt->options |= XML_PARSE_NONET;
 
         /* if false, external entities work, but internal ones don't. if true, internal entities
            work, but external ones don't. favor internal entities, in order to not cause a
diff --git a/rsvg-css.c b/rsvg-css.c
index 7813098..3f703cc 100644
--- a/rsvg-css.c
+++ b/rsvg-css.c
@@ -836,6 +836,8 @@ rsvg_css_parse_xml_attribute_string (const char *attribute_string)
     xmlSAX2InitDefaultSAXHandler (&handler, 0);
     handler.serror = rsvg_xml_noerror;
     parser = xmlCreatePushParserCtxt (&handler, NULL, tag, strlen (tag) + 1, NULL);
+    parser->options |= XML_PARSE_NONET;
+
     if (xmlParseDocument (parser) != 0)
         goto done;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]