Froze rails gems
[depot.git] / vendor / rails / activesupport / lib / active_support / core_ext / rexml.rb
1 require 'rexml/document'
2 require 'rexml/entity'
3
4 # Fixes the rexml vulnerability disclosed at:
5 # http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
6 # This fix is identical to rexml-expansion-fix version 1.0.1
7
8 # Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION, so the guard below checks for the entity_expansion_limit= setter rather than a version constant
# Patch REXML only when the loaded copy has no Document.entity_expansion_limit=
# setter; a REXML that already responds to it is left untouched.
unless REXML::Document.respond_to?(:entity_expansion_limit=)
  module REXML
    class Entity < Child
      # Drop the existing definition so the replacement below takes its place.
      undef_method :unnormalized

      # Returns the unnormalized value of this entity, or nil when it has no value.
      # Every call is first reported to the owning document so the expansion
      # ceiling can be enforced; an entity with no document is not counted.
      def unnormalized
        owner = document
        owner.record_entity_expansion! if owner
        raw = value
        return nil if raw.nil?

        @unnormalized = Text.unnormalize(raw, parent)
      end
    end

    class Document < Element
      # Ceiling on entity expansions. The counter is kept per document, but this
      # class variable holds one ceiling shared by all documents.
      @@entity_expansion_limit = 10_000

      # Replaces the shared ceiling. The value is stored as given, with no
      # validation, so a larger value loosens the guard for every document.
      def self.entity_expansion_limit=(val)
        @@entity_expansion_limit = val
      end

      # Counts one expansion against this document and aborts once the count
      # goes above the ceiling. The raise uses a bare String, so the error is a
      # RuntimeError: code parsing untrusted XML has to rescue that (not only
      # REXML::ParseException) to handle the abort cleanly.
      def record_entity_expansion!
        @number_of_expansions ||= 0
        @number_of_expansions += 1
        return unless @number_of_expansions > @@entity_expansion_limit

        raise "Number of entity expansions exceeded, processing aborted."
      end
    end
  end
end