From ebfa43c423ac16bb699424d8d3db11855dd79a91 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Tue, 2 Sep 2008 16:22:20 +0200
Subject: Merge rexml-expansion-fix gem into activesupport.

Addresses the security issue documented at:
* http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
---
 activesupport/lib/active_support/core_ext/rexml.rb | 35 ++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 activesupport/lib/active_support/core_ext/rexml.rb

(limited to 'activesupport/lib/active_support/core_ext')

diff --git a/activesupport/lib/active_support/core_ext/rexml.rb b/activesupport/lib/active_support/core_ext/rexml.rb
new file mode 100644
index 0000000000..af8ce3af47
--- /dev/null
+++ b/activesupport/lib/active_support/core_ext/rexml.rb
@@ -0,0 +1,35 @@
+require 'rexml/document'
+require 'rexml/entity'
+
+# Fixes the rexml vulnerability disclosed at:
+# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
+# This fix is identical to rexml-expansion-fix version 1.0.1
+
+unless REXML::VERSION > "3.1.7.2"
+  module REXML
+    class Entity < Child
+      undef_method :unnormalized
+      def unnormalized
+        document.record_entity_expansion! if document
+        v = value()
+        return nil if v.nil?
+        @unnormalized = Text::unnormalize(v, parent)
+        @unnormalized
+      end
+    end
+    class Document < Element
+      @@entity_expansion_limit = 10_000
+      def self.entity_expansion_limit= val
+        @@entity_expansion_limit = val
+      end
+
+      def record_entity_expansion!
+        @number_of_expansions ||= 0
+        @number_of_expansions += 1
+        if @number_of_expansions > @@entity_expansion_limit
+          raise "Number of entity expansions exceeded, processing aborted."
+        end
+      end
+    end
+  end
+end
-- 
cgit v1.2.3