# HG changeset patch # User lana # Date 1383262304 25200 # Node ID f610fd46463e6b0533dd92bce11a1e7d84984e64 # Parent d3b6da1b3e2533e35f6184af32b7cf84e99a3506# Parent 04778b00286a9047c0ac9606fcdf7727074fd1fd Merge diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/XalanConstants.java --- a/src/com/sun/org/apache/xalan/internal/XalanConstants.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/XalanConstants.java Thu Oct 31 16:31:44 2013 -0700 @@ -188,6 +188,19 @@ ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager"; /** + * Feature enableExtensionFunctions + */ + public static final String ORACLE_ENABLE_EXTENSION_FUNCTION = + ORACLE_JAXP_PROPERTY_PREFIX + "enableExtensionFunctions"; + public static final String SP_ORACLE_ENABLE_EXTENSION_FUNCTION = "javax.xml.enableExtensionFunctions"; + + /** + * Values for a feature + */ + public static final String FEATURE_TRUE = "true"; + public static final String FEATURE_FALSE = "false"; + + /** * Check if we're in jdk8 or above */ public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8); diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/utils/FeatureManager.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/com/sun/org/apache/xalan/internal/utils/FeatureManager.java Thu Oct 31 16:31:44 2013 -0700 @@ -0,0 +1,124 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package com.sun.org.apache.xalan.internal.utils; + + +import com.sun.org.apache.xalan.internal.XalanConstants; + +/** + * This class manages security related properties + * + */ +public final class FeatureManager extends FeaturePropertyBase { + + /** + * States of the settings of a property, in the order: default value, value + * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system + * properties, and jaxp api properties + */ + public static enum State { + //this order reflects the overriding order + DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY + } + + /** + * Xalan Features + */ + public static enum Feature { + ORACLE_ENABLE_EXTENSION_FUNCTION(XalanConstants.ORACLE_ENABLE_EXTENSION_FUNCTION, + "true"); + + final String name; + final String defaultValue; + + Feature(String name, String value) { + this.name = name; + this.defaultValue = value; + } + + public boolean equalsName(String propertyName) { + return (propertyName == null) ? false : name.equals(propertyName); + } + + String defaultValue() { + return defaultValue; + } + } + + /** + * Default constructor. Establishes default values + */ + public FeatureManager() { + values = new String[Feature.values().length]; + for (Feature feature : Feature.values()) { + values[feature.ordinal()] = feature.defaultValue(); + } + //read system properties or jaxp.properties + readSystemProperties(); + } + + + /** + * Check if the feature is enabled + * @param feature name of the feature + * @return true if enabled, false otherwise + */ + public boolean isFeatureEnabled(Feature feature) { + return Boolean.parseBoolean(values[feature.ordinal()]); + } + + /** + * Check if the feature is enabled + * @param propertyName name of the feature + * @return true if enabled, false otherwise + */ + public boolean isFeatureEnabled(String propertyName) { + return Boolean.parseBoolean(values[getIndex(propertyName)]); + } + + /** + * Get the index by property name + * @param propertyName property name + * @return the index of the property if found; return -1 if not + */ + public int getIndex(String propertyName){ + for (Feature feature : Feature.values()) { + if (feature.equalsName(propertyName)) { + return feature.ordinal(); + } + } + return -1; + } + + /** + * Read from system properties, or those in jaxp.properties + */ + private void readSystemProperties() { + getSystemProperty(Feature.ORACLE_ENABLE_EXTENSION_FUNCTION, + XalanConstants.SP_ORACLE_ENABLE_EXTENSION_FUNCTION); + } + +} diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/utils/FeaturePropertyBase.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/com/sun/org/apache/xalan/internal/utils/FeaturePropertyBase.java Thu Oct 31 16:31:44 2013 -0700 @@ -0,0 +1,215 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package com.sun.org.apache.xalan.internal.utils; + +import com.sun.org.apache.xalan.internal.XalanConstants; + +/** + * This is the base class for features and properties + * + */ +public abstract class FeaturePropertyBase { + + /** + * States of the settings of a property, in the order: default value, value + * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system + * properties, and jaxp api properties + */ + public static enum State { + //this order reflects the overriding order + DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY + } + + + /** + * Values of the properties as defined in enum Properties + */ + String[] values = null; + /** + * States of the settings for each property in Properties above + */ + State[] states = {State.DEFAULT, State.DEFAULT}; + + + /** + * Set the value for a specific property. + * + * @param property the property + * @param state the state of the property + * @param value the value of the property + */ + public void setValue(Enum property, State state, String value) { + //only update if it shall override + if (state.compareTo(states[property.ordinal()]) >= 0) { + values[property.ordinal()] = value; + states[property.ordinal()] = state; + } + } + + /** + * Set the value of a property by its index + * @param index the index of the property + * @param state the state of the property + * @param value the value of the property + */ + public void setValue(int index, State state, String value) { + //only update if it shall override + if (state.compareTo(states[index]) >= 0) { + values[index] = value; + states[index] = state; + } + } + + /** + * Set value by property name and state + * @param propertyName property name + * @param state the state of the property + * @param value the value of the property + * @return true if the property is managed by the security property manager; + * false if otherwise. + */ + public boolean setValue(String propertyName, State state, Object value) { + int index = getIndex(propertyName); + if (index > -1) { + setValue(index, state, (String)value); + return true; + } + return false; + } + + /** + * Set value by property name and state + * @param propertyName property name + * @param state the state of the property + * @param value the value of the property + * @return true if the property is managed by the security property manager; + * false if otherwise. + */ + public boolean setValue(String propertyName, State state, boolean value) { + int index = getIndex(propertyName); + if (index > -1) { + if (value) { + setValue(index, state, XalanConstants.FEATURE_TRUE); + } else { + setValue(index, state, XalanConstants.FEATURE_FALSE); + } + return true; + } + return false; + } + + /** + * Return the value of the specified property + * + * @param property the property + * @return the value of the property + */ + public String getValue(Enum property) { + return values[property.ordinal()]; + } + + /** + * Return the value of the specified property + * + * @param property the property + * @return the value of the property + */ + public String getValue(String property) { + int index = getIndex(property); + if (index > -1) { + return getValueByIndex(index); + } + return null; + } + + /** + * Return the value of the specified property. + * + * @param propertyName the property name + * @return the value of the property as a string. If a property is managed + * by this manager, its value shall not be null. + */ + public String getValueAsString(String propertyName) { + int index = getIndex(propertyName); + if (index > -1) { + return getValueByIndex(index); + } + + return null; + } + + /** + * Return the value of a property by its ordinal + * @param index the index of a property + * @return value of a property + */ + public String getValueByIndex(int index) { + return values[index]; + } + + /** + * Get the index by property name + * @param propertyName property name + * @return the index of the property if found; return -1 if not + */ + public abstract int getIndex(String propertyName); + + public > int getIndex(Class property, String propertyName) { + for (Enum enumItem : property.getEnumConstants()) { + if (enumItem.toString().equals(propertyName)) { + //internally, ordinal is used as index + return enumItem.ordinal(); + } + } + return -1; + }; + + + /** + * Read from system properties, or those in jaxp.properties + * + * @param property the property + * @param systemProperty the name of the system property + */ + void getSystemProperty(Enum property, String systemProperty) { + try { + String value = SecuritySupport.getSystemProperty(systemProperty); + if (value != null) { + values[property.ordinal()] = value; + states[property.ordinal()] = State.SYSTEMPROPERTY; + return; + } + + value = SecuritySupport.readJAXPProperty(systemProperty); + if (value != null) { + values[property.ordinal()] = value; + states[property.ordinal()] = State.JAXPDOTPROPERTIES; + } + } catch (NumberFormatException e) { + //invalid setting ignored + } + } +} diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java --- a/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Thu Oct 31 16:31:44 2013 -0700 @@ -1,42 +1,28 @@ /* - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - * - * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * The contents of this file are subject to the terms of either the GNU - * General Public License Version 2 only ("GPL") or the Common Development - * and Distribution License("CDDL") (collectively, the "License"). You - * may not use this file except in compliance with the License. You can - * obtain a copy of the License at - * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html - * or packager/legal/LICENSE.txt. See the License for the specific - * language governing permissions and limitations under the License. - * - * When distributing the software, include this License Header Notice in each - * file and include the License file at packager/legal/LICENSE.txt. + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. * - * GPL Classpath Exception: - * Oracle designates this particular file as subject to the "Classpath" - * exception as provided by Oracle in the GPL Version 2 section of the License - * file that accompanied this code. - * - * Modifications: - * If applicable, add the following below the License Header, with the fields - * enclosed by brackets [] replaced by your own identifying information: - * "Portions Copyright [year] [name of copyright owner]" + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). * - * Contributor(s): - * If you wish your version of this file to be governed by only the CDDL or - * only the GPL Version 2, indicate your decision by adding "[Contributor] - * elects to include this software in this distribution under the [CDDL or GPL - * Version 2] license." If you don't indicate a single choice of license, a - * recipient has the option to distribute your version of this file under - * either the CDDL, the GPL Version 2 or to extend the choice of license to - * its licensees as provided above. However, if you add GPL Version 2 code - * and therefore, elected the GPL Version 2 license, then the option applies - * only if the new code is made subject to such option by the copyright - * holder. + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. */ + package com.sun.org.apache.xalan.internal.utils; import com.sun.org.apache.xalan.internal.XalanConstants; diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java --- a/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java Thu Oct 31 16:31:44 2013 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,20 +33,10 @@ * This class manages security related properties * */ -public final class XMLSecurityPropertyManager { +public final class XMLSecurityPropertyManager extends FeaturePropertyBase { /** - * States of the settings of a property, in the order: default value, value - * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system - * properties, and jaxp api properties - */ - public static enum State { - //this order reflects the overriding order - DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY - } - - /** - * Limits managed by the security manager + * Properties managed by the security property manager */ public static enum Property { ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD, @@ -73,15 +63,6 @@ /** - * Values of the properties as defined in enum Properties - */ - private final String[] values; - /** - * States of the settings for each property in Properties above - */ - private State[] states = {State.DEFAULT, State.DEFAULT}; - - /** * Default constructor. Establishes default values */ public XMLSecurityPropertyManager() { @@ -94,86 +75,6 @@ } /** - * Set limit by property name and state - * @param propertyName property name - * @param state the state of the property - * @param value the value of the property - * @return true if the property is managed by the security property manager; - * false if otherwise. - */ - public boolean setValue(String propertyName, State state, Object value) { - int index = getIndex(propertyName); - if (index > -1) { - setValue(index, state, (String)value); - return true; - } - return false; - } - - /** - * Set the value for a specific property. - * - * @param property the property - * @param state the state of the property - * @param value the value of the property - */ - public void setValue(Property property, State state, String value) { - //only update if it shall override - if (state.compareTo(states[property.ordinal()]) >= 0) { - values[property.ordinal()] = value; - states[property.ordinal()] = state; - } - } - - /** - * Set the value of a property by its index - * @param index the index of the property - * @param state the state of the property - * @param value the value of the property - */ - public void setValue(int index, State state, String value) { - //only update if it shall override - if (state.compareTo(states[index]) >= 0) { - values[index] = value; - states[index] = state; - } - } - - /** - * Return the value of the specified property - * - * @param propertyName the property name - * @return the value of the property as a string - */ - public String getValue(String propertyName) { - int index = getIndex(propertyName); - if (index > -1) { - return getValueByIndex(index); - } - - return null; - } - - /** - * Return the value of the specified property - * - * @param property the property - * @return the value of the property - */ - public String getValue(Property property) { - return values[property.ordinal()]; - } - - /** - * Return the value of a property by its ordinal - * @param index the index of a property - * @return value of a property - */ - public String getValueByIndex(int index) { - return values[index]; - } - - /** * Get the index by property name * @param propertyName property name * @return the index of the property if found; return -1 if not @@ -198,28 +99,4 @@ XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET); } - /** - * Read from system properties, or those in jaxp.properties - * - * @param property the property - * @param systemProperty the name of the system property - */ - private void getSystemProperty(Property property, String systemProperty) { - try { - String value = SecuritySupport.getSystemProperty(systemProperty); - if (value != null) { - values[property.ordinal()] = value; - states[property.ordinal()] = State.SYSTEMPROPERTY; - return; - } - - value = SecuritySupport.readJAXPProperty(systemProperty); - if (value != null) { - values[property.ordinal()] = value; - states[property.ordinal()] = State.JAXPDOTPROPERTIES; - } - } catch (NumberFormatException e) { - //invalid setting ignored - } - } } diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/xsltc/cmdline/Compile.java --- a/src/com/sun/org/apache/xalan/internal/xsltc/cmdline/Compile.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/cmdline/Compile.java Thu Oct 31 16:31:44 2013 -0700 @@ -23,6 +23,7 @@ package com.sun.org.apache.xalan.internal.xsltc.cmdline; +import com.sun.org.apache.xalan.internal.utils.FeatureManager; import java.io.File; import java.net.URL; import java.util.Vector; @@ -77,7 +78,7 @@ final GetOpt getopt = new GetOpt(args, "o:d:j:p:uxhsinv"); if (args.length < 1) printUsage(); - final XSLTC xsltc = new XSLTC(true); + final XSLTC xsltc = new XSLTC(true, new FeatureManager()); xsltc.init(); int c; diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/xsltc/compiler/FunctionCall.java --- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/FunctionCall.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/FunctionCall.java Thu Oct 31 16:31:44 2013 -0700 @@ -42,6 +42,7 @@ import com.sun.org.apache.bcel.internal.generic.LocalVariableGen; import com.sun.org.apache.bcel.internal.generic.NEW; import com.sun.org.apache.bcel.internal.generic.PUSH; +import com.sun.org.apache.xalan.internal.utils.FeatureManager; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.BooleanType; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; @@ -717,6 +718,8 @@ final ConstantPoolGen cpg = classGen.getConstantPool(); final InstructionList il = methodGen.getInstructionList(); final boolean isSecureProcessing = classGen.getParser().getXSLTC().isSecureProcessing(); + final boolean isExtensionFunctionEnabled = classGen.getParser().getXSLTC() + .getFeature(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION); int index; // Translate calls to methods in the BasisLibrary @@ -760,7 +763,7 @@ il.append(new INVOKESTATIC(index)); } else if (_isExtConstructor) { - if (isSecureProcessing) + if (isSecureProcessing && !isExtensionFunctionEnabled) translateUnallowedExtension(cpg, il); final String clazz = @@ -822,7 +825,7 @@ } // Invoke function calls that are handled in separate classes else { - if (isSecureProcessing) + if (isSecureProcessing && !isExtensionFunctionEnabled) translateUnallowedExtension(cpg, il); final String clazz = _chosenMethod.getDeclaringClass().getName(); diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java --- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java Thu Oct 31 16:31:44 2013 -0700 @@ -43,6 +43,8 @@ import com.sun.org.apache.bcel.internal.classfile.JavaClass; import com.sun.org.apache.xalan.internal.XalanConstants; +import com.sun.org.apache.xalan.internal.utils.FeatureManager; +import com.sun.org.apache.xalan.internal.utils.FeatureManager.Feature; import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; @@ -148,11 +150,14 @@ private XMLSecurityManager _xmlSecurityManager; + private final FeatureManager _featureManager; + /** * XSLTC compiler constructor */ - public XSLTC(boolean useServicesMechanism) { + public XSLTC(boolean useServicesMechanism, FeatureManager featureManager) { _parser = new Parser(this, useServicesMechanism); + _featureManager = featureManager; } /** @@ -182,6 +187,15 @@ _useServicesMechanism = flag; } + /** + * Return the value of the specified feature + * @param name name of the feature + * @return true if the feature is enabled, false otherwise + */ + public boolean getFeature(Feature name) { + return _featureManager.isFeatureEnabled(name); + } + /** * Return allowed protocols for accessing external stylesheet. */ diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/xsltc/trax/SAX2DOM.java --- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/SAX2DOM.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/SAX2DOM.java Thu Oct 31 16:31:44 2013 -0700 @@ -74,12 +74,12 @@ DocumentBuilderFactory.newInstance(); private boolean _internal = true; - public SAX2DOM(boolean useServicesMachnism) throws ParserConfigurationException { - _document = createDocument(useServicesMachnism); + public SAX2DOM(boolean useServicesMechanism) throws ParserConfigurationException { + _document = createDocument(useServicesMechanism); _root = _document; } - public SAX2DOM(Node root, Node nextSibling, boolean useServicesMachnism) throws ParserConfigurationException { + public SAX2DOM(Node root, Node nextSibling, boolean useServicesMechanism) throws ParserConfigurationException { _root = root; if (root instanceof Document) { _document = (Document)root; @@ -88,15 +88,15 @@ _document = root.getOwnerDocument(); } else { - _document = createDocument(useServicesMachnism); + _document = createDocument(useServicesMechanism); _root = _document; } _nextSibling = nextSibling; } - public SAX2DOM(Node root, boolean useServicesMachnism) throws ParserConfigurationException { - this(root, null, useServicesMachnism); + public SAX2DOM(Node root, boolean useServicesMechanism) throws ParserConfigurationException { + this(root, null, useServicesMechanism); } public Node getDOM() { @@ -308,18 +308,19 @@ public void startDTD(String name, String publicId, String systemId) throws SAXException {} - private Document createDocument(boolean useServicesMachnism) throws ParserConfigurationException { + private Document createDocument(boolean useServicesMechanism) throws ParserConfigurationException { if (_factory == null) { - if (useServicesMachnism) + if (useServicesMechanism) { _factory = DocumentBuilderFactory.newInstance(); if (!(_factory instanceof com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl)) { _internal = false; } - else + } else { _factory = DocumentBuilderFactory.newInstance( "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl", SAX2DOM.class.getClassLoader() ); + } } Document doc; if (_internal) { diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java --- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java Thu Oct 31 16:31:44 2013 -0700 @@ -95,7 +95,7 @@ _tfactory = tfactory; // Instantiate XSLTC and get reference to parser object - XSLTC xsltc = new XSLTC(tfactory.useServicesMechnism()); + XSLTC xsltc = new XSLTC(tfactory.useServicesMechnism(), tfactory.getFeatureManager()); if (tfactory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) xsltc.setSecureProcessing(true); diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java --- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Thu Oct 31 16:31:44 2013 -0700 @@ -25,12 +25,14 @@ import com.sun.org.apache.xalan.internal.XalanConstants; import com.sun.org.apache.xalan.internal.utils.FactoryImpl; +import com.sun.org.apache.xalan.internal.utils.FeatureManager; +import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase; import com.sun.org.apache.xalan.internal.utils.ObjectFactory; import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager; import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property; -import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State; +import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase.State; import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants; import com.sun.org.apache.xalan.internal.xsltc.compiler.SourceLoader; import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC; @@ -227,6 +229,8 @@ private XMLSecurityPropertyManager _xmlSecurityPropertyMgr; private XMLSecurityManager _xmlSecurityManager; + private final FeatureManager _featureManager; + /** * javax.xml.transform.sax.TransformerFactory implementation. */ @@ -240,10 +244,13 @@ private TransformerFactoryImpl(boolean useServicesMechanism) { this._useServicesMechanism = useServicesMechanism; + _featureManager = new FeatureManager(); if (System.getSecurityManager() != null) { _isSecureMode = true; _isNotSecureProcessing = false; + _featureManager.setValue(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION, + FeaturePropertyBase.State.FSP, XalanConstants.FEATURE_FALSE); } _xmlSecurityPropertyMgr = new XMLSecurityPropertyManager(); @@ -504,6 +511,10 @@ Property.ACCESS_EXTERNAL_STYLESHEET); } + if (value && _featureManager != null) { + _featureManager.setValue(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION, + FeaturePropertyBase.State.FSP, XalanConstants.FEATURE_FALSE); + } return; } else if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) { @@ -512,6 +523,11 @@ _useServicesMechanism = value; } else { + if (_featureManager != null && + _featureManager.setValue(name, State.APIPROPERTY, value)) { + return; + } + // unknown feature ErrorMsg err = new ErrorMsg(ErrorMsg.JAXP_UNSUPPORTED_FEATURE, name); throw new TransformerConfigurationException(err.toString()); @@ -561,6 +577,13 @@ return !_isNotSecureProcessing; } + /** Check to see if the property is managed by the security manager **/ + String propertyValue = (_featureManager != null) ? + _featureManager.getValueAsString(name) : null; + if (propertyValue != null) { + return Boolean.parseBoolean(propertyValue); + } + // Feature not supported return false; } @@ -571,6 +594,13 @@ return _useServicesMechanism; } + /** + * @return the feature manager + */ + public FeatureManager getFeatureManager() { + return _featureManager; + } + /** * javax.xml.transform.sax.TransformerFactory implementation. * Get the object that is used by default during the transformation to @@ -857,7 +887,7 @@ } // Create and initialize a stylesheet compiler - final XSLTC xsltc = new XSLTC(_useServicesMechanism); + final XSLTC xsltc = new XSLTC(_useServicesMechanism, _featureManager); if (_debug) xsltc.setDebug(true); if (_enableInlining) xsltc.setTemplateInlining(true); diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Thu Oct 31 16:31:44 2013 -0700 @@ -569,32 +569,13 @@ // xerces features fReportCdataEvent = componentManager.getFeature(Constants.STAX_REPORT_CDATA_EVENT, true); - fSecurityManager = (XMLSecurityManager)componentManager.getProperty(Constants.SECURITY_MANAGER, null); - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); - - fElementAttributeLimit = (fSecurityManager != null)? - fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT):0; - fNotifyBuiltInRefs = componentManager.getFeature(NOTIFY_BUILTIN_REFS, false); Object resolver = componentManager.getProperty(ENTITY_RESOLVER, null); fExternalSubsetResolver = (resolver instanceof ExternalSubsetResolver) ? (ExternalSubsetResolver) resolver : null; - // initialize vars - fMarkupDepth = 0; - fCurrentElement = null; - fElementStack.clear(); - fHasExternalDTD = false; - fStandaloneSet = false; - fStandalone = false; - fInScanContent = false; - //skipping algorithm - fShouldSkip = false; - fAdd = false; - fSkip = false; - //attribute fReadingAttributes = false; //xxx: external entities are supported in Xerces @@ -606,9 +587,6 @@ // setup Driver setScannerState(SCANNER_STATE_CONTENT); setDriver(fContentDriver); - fEntityStore = fEntityManager.getEntityStore(); - - dtdGrammarUtil = null; // JAXP 1.5 features and properties XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) @@ -617,6 +595,7 @@ fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false); + resetCommon(); //fEntityManager.test(); } // reset(XMLComponentManager) @@ -630,17 +609,7 @@ fNamespaces = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_NAMESPACE_AWARE)).booleanValue(); fNotifyBuiltInRefs = false ; - // initialize vars - fMarkupDepth = 0; - fCurrentElement = null; - fShouldSkip = false; - fAdd = false; - fSkip = false; - fElementStack.clear(); //fElementStack2.clear(); - fHasExternalDTD = false; - fStandaloneSet = false; - fStandalone = false; //fReplaceEntityReferences = true; //fSupportExternalEntities = true; Boolean bo = (Boolean)propertyManager.getProperty(XMLInputFactoryImpl.IS_REPLACING_ENTITY_REFERENCES); @@ -661,20 +630,43 @@ //we dont need to do this -- nb. //setScannerState(SCANNER_STATE_CONTENT); //setDriver(fContentDriver); - fEntityStore = fEntityManager.getEntityStore(); //fEntityManager.test(); - dtdGrammarUtil = null; - // JAXP 1.5 features and properties XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER); fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(Constants.SECURITY_MANAGER); - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); + resetCommon(); } // reset(XMLComponentManager) + void resetCommon() { + // initialize vars + fMarkupDepth = 0; + fCurrentElement = null; + fElementStack.clear(); + fHasExternalDTD = false; + fStandaloneSet = false; + fStandalone = false; + fInScanContent = false; + //skipping algorithm + fShouldSkip = false; + fAdd = false; + fSkip = false; + + fEntityStore = fEntityManager.getEntityStore(); + dtdGrammarUtil = null; + + if (fSecurityManager != null) { + fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); + fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT); + } else { + fLimitAnalyzer = null; + fElementAttributeLimit = 0; + } + } + /** * Returns a list of feature identifiers that are recognized by * this component. This method may return null if no features @@ -1328,7 +1320,7 @@ fAttributes.getLength() > fElementAttributeLimit){ fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, "ElementAttributeLimit", - new Object[]{rawname, new Integer(fAttributes.getLength()) }, + new Object[]{rawname, fElementAttributeLimit }, XMLErrorReporter.SEVERITY_FATAL_ERROR ); } diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java Thu Oct 31 16:31:44 2013 -0700 @@ -256,7 +256,7 @@ fAttributes.getLength() > fElementAttributeLimit){ fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, "ElementAttributeLimit", - new Object[]{rawname, new Integer(fAttributes.getLength()) }, + new Object[]{rawname, fElementAttributeLimit }, XMLErrorReporter.SEVERITY_FATAL_ERROR ); } diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java --- a/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java Thu Oct 31 16:31:44 2013 -0700 @@ -211,7 +211,7 @@ if (i > 0) { return uri.substring(i+1, uri.length()); } - return ""; + return uri; } /** diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xpath/internal/jaxp/JAXPExtensionsProvider.java --- a/src/com/sun/org/apache/xpath/internal/jaxp/JAXPExtensionsProvider.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xpath/internal/jaxp/JAXPExtensionsProvider.java Thu Oct 31 16:31:44 2013 -0700 @@ -33,6 +33,7 @@ import com.sun.org.apache.xpath.internal.objects.XNodeSet; import com.sun.org.apache.xpath.internal.res.XPATHErrorResources; import com.sun.org.apache.xalan.internal.res.XSLMessages; +import com.sun.org.apache.xalan.internal.utils.FeatureManager; import com.sun.org.apache.xpath.internal.functions.FuncExtFunction; import java.util.Vector; @@ -54,9 +55,12 @@ } public JAXPExtensionsProvider(XPathFunctionResolver resolver, - boolean featureSecureProcessing ) { + boolean featureSecureProcessing, FeatureManager featureManager ) { this.resolver = resolver; - this.extensionInvocationDisabled = featureSecureProcessing; + if (featureSecureProcessing && + !featureManager.isFeatureEnabled(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION)) { + this.extensionInvocationDisabled = true; + } } /** diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xpath/internal/jaxp/XPathExpressionImpl.java --- a/src/com/sun/org/apache/xpath/internal/jaxp/XPathExpressionImpl.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xpath/internal/jaxp/XPathExpressionImpl.java Thu Oct 31 16:31:44 2013 -0700 @@ -30,6 +30,7 @@ import com.sun.org.apache.xpath.internal.res.XPATHErrorResources; import com.sun.org.apache.xalan.internal.res.XSLMessages; import com.sun.org.apache.xalan.internal.utils.FactoryImpl; +import com.sun.org.apache.xalan.internal.utils.FeatureManager; import javax.xml.namespace.NamespaceContext; import javax.xml.namespace.QName; @@ -67,33 +68,36 @@ private boolean featureSecureProcessing = false; private boolean useServicesMechanism = true; + + private final FeatureManager featureManager; + /** Protected constructor to prevent direct instantiation; use compile() * from the context. */ - protected XPathExpressionImpl() { }; + protected XPathExpressionImpl() { + this(null, null, null, null, + false, true, new FeatureManager()); + }; protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath, JAXPPrefixResolver prefixResolver, XPathFunctionResolver functionResolver, XPathVariableResolver variableResolver ) { - this.xpath = xpath; - this.prefixResolver = prefixResolver; - this.functionResolver = functionResolver; - this.variableResolver = variableResolver; - this.featureSecureProcessing = false; + this(xpath, prefixResolver, functionResolver, variableResolver, + false, true, new FeatureManager()); }; protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath, - JAXPPrefixResolver prefixResolver, - XPathFunctionResolver functionResolver, - XPathVariableResolver variableResolver, - boolean featureSecureProcessing, boolean useServicesMechanism ) { + JAXPPrefixResolver prefixResolver,XPathFunctionResolver functionResolver, + XPathVariableResolver variableResolver, boolean featureSecureProcessing, + boolean useServicesMechanism, FeatureManager featureManager ) { this.xpath = xpath; this.prefixResolver = prefixResolver; this.functionResolver = functionResolver; this.variableResolver = variableResolver; this.featureSecureProcessing = featureSecureProcessing; this.useServicesMechanism = useServicesMechanism; + this.featureManager = featureManager; }; public void setXPath (com.sun.org.apache.xpath.internal.XPath xpath ) { @@ -111,7 +115,7 @@ com.sun.org.apache.xpath.internal.XPathContext xpathSupport = null; if ( functionResolver != null ) { JAXPExtensionsProvider jep = new JAXPExtensionsProvider( - functionResolver, featureSecureProcessing ); + functionResolver, featureSecureProcessing, featureManager ); xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext( jep ); } else { xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext(); diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.java --- a/src/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.java Thu Oct 31 16:31:44 2013 -0700 @@ -24,6 +24,8 @@ import com.sun.org.apache.xalan.internal.XalanConstants; import com.sun.org.apache.xpath.internal.res.XPATHErrorResources; import com.sun.org.apache.xalan.internal.res.XSLMessages; +import com.sun.org.apache.xalan.internal.utils.FeatureManager; +import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase; import javax.xml.XMLConstants; import javax.xml.xpath.XPathFactory; @@ -68,6 +70,8 @@ private boolean _useServicesMechanism = true; + private final FeatureManager _featureManager; + public XPathFactoryImpl() { this(true); } @@ -77,9 +81,12 @@ } public XPathFactoryImpl(boolean useServicesMechanism) { + _featureManager = new FeatureManager(); if (System.getSecurityManager() != null) { _isSecureMode = true; _isNotSecureProcessing = false; + _featureManager.setValue(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION, + FeaturePropertyBase.State.FSP, XalanConstants.FEATURE_FALSE); } this._useServicesMechanism = useServicesMechanism; } @@ -131,7 +138,8 @@ public javax.xml.xpath.XPath newXPath() { return new com.sun.org.apache.xpath.internal.jaxp.XPathImpl( xPathVariableResolver, xPathFunctionResolver, - !_isNotSecureProcessing, _useServicesMechanism ); + !_isNotSecureProcessing, _useServicesMechanism, + _featureManager ); } /** @@ -181,6 +189,10 @@ } _isNotSecureProcessing = !value; + if (value && _featureManager != null) { + _featureManager.setValue(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION, + FeaturePropertyBase.State.FSP, XalanConstants.FEATURE_FALSE); + } // all done processing feature return; @@ -192,6 +204,11 @@ return; } + if (_featureManager != null && + _featureManager.setValue(name, FeaturePropertyBase.State.APIPROPERTY, value)) { + return; + } + // unknown feature String fmsg = XSLMessages.createXPATHMessage( XPATHErrorResources.ER_FEATURE_UNKNOWN, @@ -240,6 +257,14 @@ if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) { return _useServicesMechanism; } + + /** Check to see if the property is managed by the security manager **/ + String propertyValue = (_featureManager != null) ? + _featureManager.getValueAsString(name) : null; + if (propertyValue != null) { + return _featureManager.isFeatureEnabled(name); + } + // unknown feature String fmsg = XSLMessages.createXPATHMessage( XPATHErrorResources.ER_GETTING_UNKNOWN_FEATURE, diff -r d3b6da1b3e25 -r f610fd46463e src/com/sun/org/apache/xpath/internal/jaxp/XPathImpl.java --- a/src/com/sun/org/apache/xpath/internal/jaxp/XPathImpl.java Thu Oct 31 12:36:18 2013 -0700 +++ b/src/com/sun/org/apache/xpath/internal/jaxp/XPathImpl.java Thu Oct 31 16:31:44 2013 -0700 @@ -35,6 +35,7 @@ import com.sun.org.apache.xpath.internal.res.XPATHErrorResources; import com.sun.org.apache.xalan.internal.res.XSLMessages; import com.sun.org.apache.xalan.internal.utils.FactoryImpl; +import com.sun.org.apache.xalan.internal.utils.FeatureManager; import org.w3c.dom.Node; import org.w3c.dom.Document; @@ -70,18 +71,20 @@ // extensions function need to throw XPathFunctionException private boolean featureSecureProcessing = false; private boolean useServiceMechanism = true; + private final FeatureManager featureManager; XPathImpl( XPathVariableResolver vr, XPathFunctionResolver fr ) { - this.origVariableResolver = this.variableResolver = vr; - this.origFunctionResolver = this.functionResolver = fr; + this(vr, fr, false, true, new FeatureManager()); } XPathImpl( XPathVariableResolver vr, XPathFunctionResolver fr, - boolean featureSecureProcessing, boolean useServiceMechanism ) { + boolean featureSecureProcessing, boolean useServiceMechanism, + FeatureManager featureManager) { this.origVariableResolver = this.variableResolver = vr; this.origFunctionResolver = this.functionResolver = fr; this.featureSecureProcessing = featureSecureProcessing; this.useServiceMechanism = useServiceMechanism; + this.featureManager = featureManager; } /** @@ -190,7 +193,7 @@ com.sun.org.apache.xpath.internal.XPathContext xpathSupport = null; if ( functionResolver != null ) { JAXPExtensionsProvider jep = new JAXPExtensionsProvider( - functionResolver, featureSecureProcessing ); + functionResolver, featureSecureProcessing, featureManager ); xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext( jep ); } else { xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext(); @@ -391,7 +394,7 @@ // Can have errorListener XPathExpressionImpl ximpl = new XPathExpressionImpl (xpath, prefixResolver, functionResolver, variableResolver, - featureSecureProcessing, useServiceMechanism ); + featureSecureProcessing, useServiceMechanism, featureManager ); return ximpl; } catch ( javax.xml.transform.TransformerException te ) { throw new XPathExpressionException ( te ) ;