Merge in fix for critical blocker #166371

Fixed bugs: - https://launchpad.net/bugs/166371 (bzr r12510)
author: Martin Owens <doctormo@gmail.com> 2013-09-12 21:30:41 +0000
committer: Martin Owens <doctormo@gmail.com> 2013-09-12 21:30:41 +0000
commit: 60f9fe4adf84a4ff18ac896f44a05ec7ee70f90a (patch)
tree: d70c962cf700d5fa6ea1130e7ecc26351b2f7ab7 /src/xml
parent: Forgot check in last commit. (diff)
parent: Fix regex so it effects the buffer and ban PUBLIC entities too. (diff)
download: inkscape-60f9fe4adf84a4ff18ac896f44a05ec7ee70f90a.tar.gz
inkscape-60f9fe4adf84a4ff18ac896f44a05ec7ee70f90a.zip
1 files changed, 59 insertions, 16 deletions
diff --git a/src/xml/repr-io.cpp b/src/xml/repr-io.cpp
index af47779fe..579c7598c 100644
--- a/src/xml/repr-io.cpp
+++ b/src/xml/repr-io.cpp
@@ -100,6 +100,9 @@ public:
 
     int setFile( char const * filename );
 
+    xmlDocPtr readXml();
+    bool SystemCheck; // Checks for SYSTEM Entities
+
     static int readCb( void * context, char * buffer, int len );
     static int closeCb( void * context );
 
@@ -121,6 +124,7 @@ int XmlSource::setFile(char const *filename)
 {
     int retVal = -1;
 
+    this->SystemCheck = false;
     this->filename = filename;
 
     fp = Inkscape::IO::fopen_utf8name(filename, "r");
@@ -178,13 +182,53 @@ int XmlSource::setFile(char const *filename)
     return retVal;
 }
 
+xmlDocPtr XmlSource::readXml()
+{
+    int parse_options = XML_PARSE_HUGE | XML_PARSE_RECOVER;
+
+    Inkscape::Preferences *prefs = Inkscape::Preferences::get();
+    bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false);
+    if (!allowNetAccess) parse_options |= XML_PARSE_NONET;
+
+    // Allow NOENT only if we're filtering out SYSTEM and PUBLIC entities
+    if (SystemCheck)     parse_options |= XML_PARSE_NOENT;
+
+    return xmlReadIO( readCb, closeCb, this,
+                      filename, getEncoding(), parse_options);
+}
 
 int XmlSource::readCb( void * context, char * buffer, int len )
 {
     int retVal = -1;
+
     if ( context ) {
         XmlSource* self = static_cast<XmlSource*>(context);
         retVal = self->read( buffer, len );
+
+        if(self->SystemCheck) {
+            GMatchInfo *info;
+            gint start, end;
+
+            GRegex *regex = g_regex_new(
+                "<!ENTITY\\s+[^>\\s]+\\s+(SYSTEM|PUBLIC\\s+\"[^>\"]+\")\\s+\"[^>\"]+\"\\s*>",
+                G_REGEX_CASELESS, G_REGEX_MATCH_NEWLINE_ANY, NULL);
+
+            // Check for SYSTEM or PUBLIC entities and kill them with spaces
+            // Note: g_regex_replace does not modify buffer in place, this
+            // logic is used instead because we can just blank out the offending
+            // charicters in the right place without hurting the length.
+            g_regex_match (regex, buffer, G_REGEX_MATCH_NEWLINE_ANY, &info);
+
+            while (g_match_info_matches (info)) {
+                if (g_match_info_fetch_pos (info, 1, &start, &end)) {
+                    for (int x=start; x<end; x++)
+                        buffer[x] = 0x20;
+                }
+                g_match_info_next (info, NULL);
+            }
+            g_match_info_unref(info);
+            g_regex_unref(regex);
+        }
     }
     return retVal;
 }
@@ -299,22 +343,21 @@ Document *sp_repr_read_file (const gchar * filename, const gchar *default_ns)
         XmlSource src;
 
         if ( (src.setFile(filename) == 0) ) {
-            int parse_options = XML_PARSE_HUGE; // do not use XML_PARSE_NOENT ! see bug lp:1025185
-            Inkscape::Preferences *prefs = Inkscape::Preferences::get();
-            bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false);
-            if (!allowNetAccess) {
-                parse_options |= XML_PARSE_NONET;
+            doc = src.readXml();
+            rdoc = sp_repr_do_read( doc, default_ns );
+            // For some reason, failed ns loading results in this
+            // We try a system check version of load with NOENT for adobe
+            if(rdoc && strcmp(rdoc->root()->name(), "ns:svg") == 0) {
+                xmlFreeDoc( doc );
+                src.setFile(filename);
+                src.SystemCheck = true;
+                doc = src.readXml();
+                rdoc = sp_repr_do_read( doc, default_ns );
             }
-            doc = xmlReadIO( XmlSource::readCb,
-                             XmlSource::closeCb,
-                             &src,
-                             localFilename,
-                             src.getEncoding(),
-                             parse_options);
         }
     }
 
-    rdoc = sp_repr_do_read( doc, default_ns );
+
     if ( doc ) {
         xmlFreeDoc( doc );
     }
@@ -947,15 +990,15 @@ void sp_repr_write_stream_element( Node * repr, Writer & out,
     // THIS DOESN'T APPEAR TO DO ANYTHING. Can it be commented out or deleted?
     {
         GQuark const href_key = g_quark_from_static_string("xlink:href");
-        GQuark const absref_key = g_quark_from_static_string("sodipodi:absref");
+        //GQuark const absref_key = g_quark_from_static_string("sodipodi:absref");
 
         gchar const *xxHref = 0;
-        gchar const *xxAbsref = 0;
+        //gchar const *xxAbsref = 0;
         for ( List<AttributeRecord const> ai(attributes); ai; ++ai ) {
             if ( ai->key == href_key ) {
                 xxHref = ai->value;
-            } else if ( ai->key == absref_key ) {
-                xxAbsref = ai->value;
+            //} else if ( ai->key == absref_key ) {
+                //xxAbsref = ai->value;
             }
         }
author	Martin Owens <doctormo@gmail.com>	2013-09-12 21:30:41 +0000
committer	Martin Owens <doctormo@gmail.com>	2013-09-12 21:30:41 +0000
commit	60f9fe4adf84a4ff18ac896f44a05ec7ee70f90a (patch)
tree	d70c962cf700d5fa6ea1130e7ecc26351b2f7ab7 /src/xml
parent	Forgot check in last commit. (diff)
parent	Fix regex so it effects the buffer and ban PUBLIC entities too. (diff)
download	inkscape-60f9fe4adf84a4ff18ac896f44a05ec7ee70f90a.tar.gz inkscape-60f9fe4adf84a4ff18ac896f44a05ec7ee70f90a.zip