JDOM XXE Protection [CVE-2013-1856]

Conflicts: activesupport/test/xml_mini/jdom_engine_test.rb
author: Ben Murphy <benmmurphy@gmail.com> 2013-02-08 02:48:22 +0000
committer: Aaron Patterson <aaron.patterson@gmail.com> 2013-03-15 17:48:27 -0700
commit: c0d06633f0eafd1ef8cf51b4913894d6c8c9b58f (patch)
tree: 8824b21fd82d9caee277498325710ffeca5ec159 /activesupport/test/fixtures/xml
parent: ff3b9ca1308056b2c939ce77fbea1c4665f3619e (diff)
download: rails-c0d06633f0eafd1ef8cf51b4913894d6c8c9b58f.tar.gz
rails-c0d06633f0eafd1ef8cf51b4913894d6c8c9b58f.tar.bz2
rails-c0d06633f0eafd1ef8cf51b4913894d6c8c9b58f.zip
3 files changed, 3 insertions, 0 deletions
diff --git a/activesupport/test/fixtures/xml/jdom_doctype.dtd b/activesupport/test/fixtures/xml/jdom_doctype.dtd
new file mode 100644
index 0000000000..89480496ef
--- /dev/null
+++ b/activesupport/test/fixtures/xml/jdom_doctype.dtd
@@ -0,0 +1 @@
+<!ENTITY a "external entity">
diff --git a/activesupport/test/fixtures/xml/jdom_entities.txt b/activesupport/test/fixtures/xml/jdom_entities.txt
new file mode 100644
index 0000000000..0337fdaa08
--- /dev/null
+++ b/activesupport/test/fixtures/xml/jdom_entities.txt
@@ -0,0 +1 @@
+<!ENTITY a "hello">
diff --git a/activesupport/test/fixtures/xml/jdom_include.txt b/activesupport/test/fixtures/xml/jdom_include.txt
new file mode 100644
index 0000000000..239ca3afaf
--- /dev/null
+++ b/activesupport/test/fixtures/xml/jdom_include.txt
@@ -0,0 +1 @@
+include me
author	Ben Murphy <benmmurphy@gmail.com>	2013-02-08 02:48:22 +0000
committer	Aaron Patterson <aaron.patterson@gmail.com>	2013-03-15 17:48:27 -0700
commit	c0d06633f0eafd1ef8cf51b4913894d6c8c9b58f (patch)
tree	8824b21fd82d9caee277498325710ffeca5ec159 /activesupport/test/fixtures/xml
parent	ff3b9ca1308056b2c939ce77fbea1c4665f3619e (diff)
download	rails-c0d06633f0eafd1ef8cf51b4913894d6c8c9b58f.tar.gz rails-c0d06633f0eafd1ef8cf51b4913894d6c8c9b58f.tar.bz2 rails-c0d06633f0eafd1ef8cf51b4913894d6c8c9b58f.zip