ruby-changes:36323
From: nagachika <ko1@a...>
Date: Thu, 13 Nov 2014 22:36:27 +0900 (JST)
Subject: [ruby-changes:36323] nagachika:r48404 (ruby_2_1): merge revision(s) r48402:
nagachika 2014-11-13 22:36:20 +0900 (Thu, 13 Nov 2014) New Revision: 48404 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=48404 Log: merge revision(s) r48402: * lib/rexml/document.rb: add REXML::Document#document. reported by Tomas Hoger <thoger@r...> and patched by nahi. Modified directories: branches/ruby_2_1/ Modified files: branches/ruby_2_1/ChangeLog branches/ruby_2_1/lib/rexml/document.rb branches/ruby_2_1/lib/rexml/entity.rb branches/ruby_2_1/test/rexml/test_document.rb branches/ruby_2_1/version.h Index: ruby_2_1/ChangeLog =================================================================== --- ruby_2_1/ChangeLog (revision 48403) +++ ruby_2_1/ChangeLog (revision 48404) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ChangeLog#L1 +Thu Nov 13 22:32:34 2014 CHIKANAGA Tomoyuki <nagachika@r...> + + * lib/rexml/document.rb: add REXML::Document#document. + reported by Tomas Hoger <thoger@r...> and patched by nahi. + Thu Nov 6 22:57:43 2014 Naohisa Goto <ngotogenome@g...> * bignum.c (absint_numwords_generic): set an array element after Index: ruby_2_1/lib/rexml/document.rb =================================================================== --- ruby_2_1/lib/rexml/document.rb (revision 48403) +++ ruby_2_1/lib/rexml/document.rb (revision 48404) @@ -278,6 +278,10 @@ module REXML https://github.com/ruby/ruby/blob/trunk/ruby_2_1/lib/rexml/document.rb#L278 end end + def document + self + end + private def build( source ) Parsers::TreeParser.new( source, self ).parse Index: ruby_2_1/lib/rexml/entity.rb =================================================================== --- ruby_2_1/lib/rexml/entity.rb (revision 48403) +++ ruby_2_1/lib/rexml/entity.rb (revision 48404) @@ -157,6 +157,7 @@ module REXML https://github.com/ruby/ruby/blob/trunk/ruby_2_1/lib/rexml/entity.rb#L157 # This is a set of entity constants -- the ones defined in the XML # specification. These are +gt+, +lt+, +amp+, +quot+ and +apos+. + # CAUTION: these entities does not have parent and document module EntityConst # +>+ GT = Entity.new( 'gt', '>' ) Index: ruby_2_1/version.h =================================================================== --- ruby_2_1/version.h (revision 48403) +++ ruby_2_1/version.h (revision 48404) @@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/version.h#L1 #define RUBY_VERSION "2.1.5" -#define RUBY_RELEASE_DATE "2014-11-06" -#define RUBY_PATCHLEVEL 272 +#define RUBY_RELEASE_DATE "2014-11-13" +#define RUBY_PATCHLEVEL 273 #define RUBY_RELEASE_YEAR 2014 #define RUBY_RELEASE_MONTH 11 -#define RUBY_RELEASE_DAY 6 +#define RUBY_RELEASE_DAY 13 #include "ruby/version.h" Index: ruby_2_1/test/rexml/test_document.rb =================================================================== --- ruby_2_1/test/rexml/test_document.rb (revision 48403) +++ ruby_2_1/test/rexml/test_document.rb (revision 48404) @@ -47,7 +47,23 @@ EOF https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/rexml/test_document.rb#L47 </member> EOF - XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF + XML_WITH_NESTED_EMPTY_ENTITY = <<EOF +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE member [ + <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> + <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> + <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> + <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> + <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> + <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> + <!ENTITY g ""> +]> +<member> +&a; +</member> +EOF + + XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF <!DOCTYPE root [ <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM."> <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> @@ -61,6 +77,20 @@ EOF https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/rexml/test_document.rb#L77 <cd></cd> EOF + XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY = <<EOF +<!DOCTYPE root [ + <!ENTITY % a ""> + <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> + <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> + <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> + <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> + <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> + <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> + <!ENTITY test "test %g;"> +]> +<cd></cd> +EOF + XML_WITH_4_ENTITY_EXPANSION = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ @@ -87,6 +117,18 @@ EOF https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/rexml/test_document.rb#L117 end assert_equal(101, doc.entity_expansion_count) + doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + assert_equal(101, doc.entity_expansion_count) + REXML::Security.entity_expansion_limit = 4 doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) assert_equal("\na\na a\n<\n", doc.root.children.first.value) @@ -108,6 +150,15 @@ EOF https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/rexml/test_document.rb#L150 assert_raise(REXML::ParseException) do REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) end + + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + end ensure REXML::Security.entity_expansion_limit = 10000 end Property changes on: ruby_2_1 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r48402 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/