Lines 23-28
Link Here
|
23 |
import java.util.List; |
23 |
import java.util.List; |
24 |
import java.util.zip.ZipEntry; |
24 |
import java.util.zip.ZipEntry; |
25 |
|
25 |
|
|
|
26 |
import javax.xml.XMLConstants; |
27 |
import javax.xml.parsers.ParserConfigurationException; |
28 |
import javax.xml.parsers.SAXParser; |
29 |
import javax.xml.parsers.SAXParserFactory; |
30 |
|
31 |
import org.apache.poi.POIXMLException; |
26 |
import org.apache.poi.openxml4j.exceptions.InvalidFormatException; |
32 |
import org.apache.poi.openxml4j.exceptions.InvalidFormatException; |
27 |
import org.apache.poi.openxml4j.opc.PackageNamespaces; |
33 |
import org.apache.poi.openxml4j.opc.PackageNamespaces; |
28 |
import org.apache.poi.openxml4j.opc.PackagePart; |
34 |
import org.apache.poi.openxml4j.opc.PackagePart; |
Lines 39-47
Link Here
|
39 |
import org.dom4j.QName; |
45 |
import org.dom4j.QName; |
40 |
import org.dom4j.io.SAXReader; |
46 |
import org.dom4j.io.SAXReader; |
41 |
import org.xml.sax.SAXException; |
47 |
import org.xml.sax.SAXException; |
|
|
48 |
import org.xml.sax.SAXParseException; |
42 |
|
49 |
|
43 |
/** |
50 |
/** |
44 |
* Package properties unmarshaller. |
51 |
* Package properties unmarshaller. |
45 |
* |
52 |
* |
Lines 128-140
Link Here
|
128 |
} |
127 |
} |
129 |
|
128 |
|
130 |
SAXReader xmlReader = new SAXReader(); |
129 |
SAXReader xmlReader = new SAXReader(); |
|
|
130 |
SAXParserFactory spf = SAXParserFactory.newInstance(); |
131 |
SAXParser sp; |
131 |
Document xmlDoc; |
132 |
Document xmlDoc; |
132 |
try { |
133 |
try { |
|
|
134 |
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); |
135 |
sp = spf.newSAXParser(); |
136 |
xmlReader.setXMLReader(sp.getXMLReader()); |
133 |
xmlDoc = xmlReader.read(in); |
137 |
xmlDoc = xmlReader.read(in); |
134 |
|
138 |
|
135 |
/* Check OPC compliance */ |
139 |
/* Check OPC compliance */ |
Lines 145-154
Link Here
|
145 |
/* End OPC compliance */ |
144 |
/* End OPC compliance */ |
146 |
|
145 |
|
147 |
} catch (DocumentException e) { |
146 |
} catch (DocumentException e) { |
|
|
147 |
Throwable nestedException = e.getNestedException(); |
148 |
if (null != nestedException && |
149 |
nestedException instanceof SAXParseException && |
150 |
null != nestedException.getMessage() && |
151 |
nestedException.getMessage().contains("entity expansions in this document; this is the limit")) { |
152 |
throw new POIXMLException(e); |
153 |
} |
148 |
throw new IOException(e.getMessage()); |
154 |
throw new IOException(e.getMessage()); |
149 |
} catch (SAXException e) { |
155 |
} catch (SAXException e) { |
150 |
throw new IOException(e.getMessage()); |
156 |
throw new IOException(e.getMessage()); |
151 |
} |
157 |
} catch (ParserConfigurationException e) { |
|
|
158 |
throw new IOException(e.getMessage()); |
159 |
} |
152 |
|
160 |
|
153 |
coreProps.setCategoryProperty(loadCategory(xmlDoc)); |
161 |
coreProps.setCategoryProperty(loadCategory(xmlDoc)); |
154 |
coreProps.setContentStatusProperty(loadContentStatus(xmlDoc)); |
162 |
coreProps.setContentStatusProperty(loadContentStatus(xmlDoc)); |