xmlParse() fails on doctyped XML after running isXML()

Description

None

Environment

Running XMLParse() on any doctyped XML succeeds with this.xmlFeatures.disallowDoctypeDecl=false;.

Running isXML() followed by xmlParse() fails with the below error message:

org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 10; DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.

This error occurs whether this.xmlFeatures.disallowDoctypeDecl is true or false:

this.xmlFeatures = {
    externalGeneralEntities : true,
    secure : false,
    disallowDoctypeDecl : false,
};

but if you use the full feature name and skip the alias, it works:

this.xmlFeatures = {
    externalGeneralEntities : true,
    secure : false,
    "http://apache.org/xml/features/disallow-doctype-decl" : false
};

(Or if you comment out the isXML() and restart the Lucee server.)

Test case:

var xmlString = '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
</hibernate-mapping>';
writeDump( isValid( "xml", xmlString ) );
writeDump( xmlParse( xmlString ) );
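
An added example (not from the ticket or the Lucee code base): plain Java against the JDK's built-in JAXP parser, showing what the disallow-doctype-decl feature named in the error does to the ticket's document, and how a DOCTYPE can be permitted while external DTD and entity loading stay off. It assumes Lucee's XML functions sit on this same JAXP feature, as the org.xml.sax exception suggests; the class and method names are made up for the illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class DoctypeFeatureDemo {
    static final String DISALLOW_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";
    static final String EXT_GENERAL = "http://xml.org/sax/features/external-general-entities";
    static final String EXT_PARAM = "http://xml.org/sax/features/external-parameter-entities";
    static final String LOAD_EXT_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    // The ticket's test document; line breaks are an assumption, placed so the
    // DOCTYPE sits on line 2 as in the reported error.
    static final String XML =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<!DOCTYPE hibernate-mapping PUBLIC \"-//Hibernate/Hibernate Mapping DTD 3.0//EN\" "
      + "\"http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd\">\n"
      + "<hibernate-mapping>\n</hibernate-mapping>";

    static String parse(boolean disallowDoctype) throws Exception {
        // A fresh factory per call, so no feature state carries over between parses.
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(DISALLOW_DOCTYPE, disallowDoctype);
        // Even when DOCTYPE is allowed, nothing external is fetched or expanded.
        f.setFeature(EXT_GENERAL, false);
        f.setFeature(EXT_PARAM, false);
        f.setFeature(LOAD_EXT_DTD, false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        try {
            Document d = b.parse(new InputSource(new StringReader(XML)));
            return "parsed root <" + d.getDocumentElement().getNodeName() + ">";
        } catch (SAXParseException e) {
            // With the feature on, the parser stops at the DOCTYPE declaration.
            return "rejected at line " + e.getLineNumber() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("disallow-doctype-decl=true  -> " + parse(true));
        System.out.println("disallow-doctype-decl=false -> " + parse(false));
    }
}
```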

Activity

Michael Born @ Ortus 28 July 2023 at 08:19

5.4.2.20 is a snapshot, right? Looks like 5.4.2-SNAPSHOT+20 didn’t make it to Forgebox, so I can’t actually try that version.
I’m seeing this issue reported from the Forgebox publisher, looks like the Lucee provider threw a 500 error when the Forgebox publisher tried to fetch the version for synching to Forgebox:

Error publishing Lucee  Light 5.4.2-SNAPSHOT+20.
 500 Internal Server Error
 http://update.lucee.org/rest/update/provider/forgebox/5.4.2.20-SNAPSHOT?light=true
 /root/.CommandBox/cfml/system/util/ProgressableDownloader.cfc:234

Zac Spitzer 27 July 2023 at 16:39

isValid( "xml", xmlString ) and isXml(xml) are more or less identical code paths

In the tests here, I am doing isXml and then xmlParse pretty much as described, using that same hibernate xml as a test case

https://github.com/lucee/Lucee/blob/6.0/test/tickets/LDEV3110.cfc

Zac Spitzer 27 July 2023 at 16:11

we had a previous case of xmlparse failing causing a broken server until a restart

https://luceeserver.atlassian.net/browse/LDEV-2253

Zac Spitzer 27 July 2023 at 15:35

can you try 5.4.2.20 ?

Zac Spitzer 27 July 2023 at 15:25

Here’s a partial solution https://luceeserver.atlassian.net/browse/LDEV-3110

hmm, let me dive in and see if I can figure out how that might happen

could you extend my test case to repro the problem?

Unresolved

Created 26 July 2023 at 03:49
Updated 20 June 2024 at 23:41