Sha256: ebc2cc54e4f5eb94c001aa2d21150ae2397c7992fccd3146c0e3094e5e76521d

Contents?: true

Size: 1001 Bytes

Versions: 17

Compression:

Stored size: 1001 Bytes

Contents

require 'rexml/document'
require 'rexml/entity'

# Fixes the rexml vulnerability disclosed at:
# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
# This fix is identical to rexml-expansion-fix version 1.0.1

unless REXML::VERSION > "3.1.7.2"
  module REXML
    class Entity < Child
      undef_method :unnormalized
      def unnormalized
        document.record_entity_expansion! if document
        v = value()
        return nil if v.nil?
        @unnormalized = Text::unnormalize(v, parent)
        @unnormalized
      end
    end
    class Document < Element
      @@entity_expansion_limit = 10_000
      def self.entity_expansion_limit= val
        @@entity_expansion_limit = val
      end

      def record_entity_expansion!
        @number_of_expansions ||= 0
        @number_of_expansions += 1
        if @number_of_expansions > @@entity_expansion_limit
          raise "Number of entity expansions exceeded, processing aborted."
        end
      end
    end
  end
end

Version data entries

17 entries across 17 versions & 4 rubygems

Version Path
3mix-castronaut-0.5.0.2 vendor/activesupport/lib/active_support/core_ext/rexml.rb
masover-castronaut-0.4.4.4 vendor/activesupport/lib/active_support/core_ext/rexml.rb
masover-castronaut-0.4.4.5 vendor/activesupport/lib/active_support/core_ext/rexml.rb
masover-castronaut-0.5.0.1 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.4.1 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.4.2 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.4.3 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.4.4 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.4.5 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.4.6 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.5.0 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.5.1 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.5.2 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.5.3 vendor/activesupport/lib/active_support/core_ext/rexml.rb
relevance-castronaut-0.5.4 vendor/activesupport/lib/active_support/core_ext/rexml.rb
activesupport-2.0.4 lib/active_support/core_ext/rexml.rb
activesupport-2.1.1 lib/active_support/core_ext/rexml.rb