git.evergreen-ils.org Git - working/NCIPServer.git/commit

]> git.evergreen-ils.org Git - working/NCIPServer.git/commit

projects / working / NCIPServer.git / commit

author	Jason Stephenson <jason@sigio.com>
	Thu, 3 Nov 2016 14:12:19 +0000 (10:12 -0400)
committer	Jason Stephenson <jason@sigio.com>
	Thu, 3 Nov 2016 14:12:19 +0000 (10:12 -0400)
commit	0dabe8af9ef69bca3d9980f251d141f66d3fbaea
tree	2be7575513e779b97b3c153e40b92de2b761528c	tree
parent	b7d7ab764a76b07fd2a853c504813ccc076b5aba	commit \| diff

Check for external XML entities in NCIP.pm.

Add an external entity handler to DOM creation in the main NCIP
module's handle_initiation function. This handler dies and the error
processing catches that error, logs that a possible XXE attack was
detected and then returns undef.

Signed-off-by: Jason Stephenson <jason@sigio.com>

lib/NCIP.pm

diff | blob | history

NCIP Server

RSS Atom