From d83e426fff3f6d0fa6042d0930fb70357db24125 Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Mon, 11 Feb 2013 22:36:30 +0100 Subject: io: Use XML_PARSE_NONET We don't want to load resources off the net. Bug #691708. diff --git a/rsvg-base.c b/rsvg-base.c index ed383d2..1f88479 100644 --- a/rsvg-base.c +++ b/rsvg-base.c @@ -572,6 +572,7 @@ rsvg_start_xinclude (RsvgHandle * ctx, RsvgPropertyBag * atts) goto fallback; xml_parser = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, ctx, NULL, 0, NULL); + xml_parser->options |= XML_PARSE_NONET; buffer = _rsvg_xml_input_buffer_new_from_stream (stream, NULL /* cancellable */, XML_CHAR_ENCODING_NONE, &err); g_object_unref (stream); @@ -1111,6 +1112,7 @@ rsvg_handle_write_impl (RsvgHandle * handle, const guchar * buf, gsize count, GE if (handle->priv->ctxt == NULL) { handle->priv->ctxt = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, handle, NULL, 0, rsvg_handle_get_base_uri (handle)); + handle->priv->ctxt->options |= XML_PARSE_NONET; /* if false, external entities work, but internal ones don't. if true, internal entities work, but external ones don't. favor internal entities, in order to not cause a @@ -1767,6 +1769,7 @@ rsvg_handle_read_stream_sync (RsvgHandle *handle, if (priv->ctxt == NULL) { priv->ctxt = xmlCreatePushParserCtxt (&rsvgSAXHandlerStruct, handle, NULL, 0, rsvg_handle_get_base_uri (handle)); + priv->ctxt->options |= XML_PARSE_NONET; /* if false, external entities work, but internal ones don't. if true, internal entities work, but external ones don't. favor internal entities, in order to not cause a diff --git a/rsvg-css.c b/rsvg-css.c index 7813098..3f703cc 100644 --- a/rsvg-css.c +++ b/rsvg-css.c @@ -836,6 +836,8 @@ rsvg_css_parse_xml_attribute_string (const char *attribute_string) xmlSAX2InitDefaultSAXHandler (&handler, 0); handler.serror = rsvg_xml_noerror; parser = xmlCreatePushParserCtxt (&handler, NULL, tag, strlen (tag) + 1, NULL); + parser->options |= XML_PARSE_NONET; + if (xmlParseDocument (parser) != 0) goto done; -- cgit v0.10.1