diff options
| -rw-r--r-- | activesupport/lib/active_support/core_ext/rexml.rb | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/activesupport/lib/active_support/core_ext/rexml.rb b/activesupport/lib/active_support/core_ext/rexml.rb index 058295b057..af8ce3af47 100644 --- a/activesupport/lib/active_support/core_ext/rexml.rb +++ b/activesupport/lib/active_support/core_ext/rexml.rb @@ -5,28 +5,30 @@ require 'rexml/entity' # http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ # This fix is identical to rexml-expansion-fix version 1.0.1 -module REXML - class Entity < Child - undef_method :unnormalized - def unnormalized - document.record_entity_expansion! if document - v = value() - return nil if v.nil? - @unnormalized = Text::unnormalize(v, parent) - @unnormalized - end - end - class Document < Element - @@entity_expansion_limit = 10_000 - def self.entity_expansion_limit= val - @@entity_expansion_limit = val +unless REXML::VERSION > "3.1.7.2" + module REXML + class Entity < Child + undef_method :unnormalized + def unnormalized + document.record_entity_expansion! if document + v = value() + return nil if v.nil? + @unnormalized = Text::unnormalize(v, parent) + @unnormalized + end end + class Document < Element + @@entity_expansion_limit = 10_000 + def self.entity_expansion_limit= val + @@entity_expansion_limit = val + end - def record_entity_expansion! - @number_of_expansions ||= 0 - @number_of_expansions += 1 - if @number_of_expansions > @@entity_expansion_limit - raise "Number of entity expansions exceeded, processing aborted." + def record_entity_expansion! + @number_of_expansions ||= 0 + @number_of_expansions += 1 + if @number_of_expansions > @@entity_expansion_limit + raise "Number of entity expansions exceeded, processing aborted." + end end end end |