github
/
halo
mirror of https://github.com/halo-dev/halo
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix xml external entity vulnerability

pull/755/head
johnniang 2019-12-13 01:07:01 +08:00
parent 2056f528fd
commit 568e48733f
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/main/java/run/halo/app/utils/WordPressMigrateUtils.java
View File

@ -43,6 +43,7 @@ public class WordPressMigrateUtils {
try {
SAXReader saxReader = new SAXReader();
Document document = saxReader.read(fileInputStream);
saxReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
return document.getRootElement();
} catch (Exception e) {
throw new RuntimeException("can not get root element");