Escaping any xml entities in xml property values before saving them to the file. JM-1113

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9105 b35dd754-fafc-0310-a699-88a17e54d16e

Escaping any xml entities in xml property values before saving them to the file. JM-1113
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9105 b35dd754-fafc-0310-a699-88a17e54d16e
ec49df5c · Alex Wenckus · alex · f48044d9 · ec49df5c · ec49df5c
Commit ec49df5c authored Sep 12, 2007 by Alex Wenckus Committed by alex Sep 12, 2007
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 3 deletions

XMLProperties.java src/java/org/jivesoftware/util/XMLProperties.java +8 -2

XMLPropertiesTest.java src/test/java/org/jivesoftware/util/XMLPropertiesTest.java +6 -1

No files found.
--- a/src/java/org/jivesoftware/util/XMLProperties.java
+++ b/src/java/org/jivesoftware/util/XMLProperties.java
@@ -17,6 +17,7 @@ import org.dom4j.Element;
 import org.dom4j.Node;
 import org.dom4j.io.OutputFormat;
 import org.dom4j.io.SAXReader;
+import org.apache.commons.lang.StringEscapeUtils;
 import java.io.*;
 import java.util.*;
@@ -327,7 +328,7 @@ public class XMLProperties {
                childElement.addCDATA(value.substring(9, value.length()-3));
            }
            else {
-                childElement.setText(value);
+                childElement.setText(StringEscapeUtils.escapeXml(value));
            }
        }
        saveProperties();
@@ -379,6 +380,9 @@ public class XMLProperties {
     * @param value the new value for the property.
     */
    public synchronized void setProperty(String name, String value) {
+        if(!StringEscapeUtils.escapeXml(name).equals(name)) {
+            throw new IllegalArgumentException("Property name cannot contain XML entities.");
+        }
        if (name == null) {
            return;
        }
@@ -413,7 +417,7 @@ public class XMLProperties {
            element.addCDATA(value.substring(9, value.length()-3));
        }
        else {
-            element.setText(value);
+            element.setText(StringEscapeUtils.escapeXml(value));
        }
        // Write the XML properties to disk
        saveProperties();
@@ -456,6 +460,8 @@ public class XMLProperties {
    /**
     * Builds the document XML model up based the given reader of XML data.
+     * @param in the input stream used to build the xml document
+     * @throws java.io.IOException thrown when an error occurs reading the input stream.
     */
    private void buildDoc(Reader in) throws IOException {
        try {

--- a/src/test/java/org/jivesoftware/util/XMLPropertiesTest.java
+++ b/src/test/java/org/jivesoftware/util/XMLPropertiesTest.java
@@ -13,7 +13,6 @@ package org.jivesoftware.util;
 import junit.framework.TestCase;
 import java.io.ByteArrayInputStream;
-import java.util.Iterator;
 public class XMLPropertiesTest extends TestCase {
@@ -49,4 +48,10 @@ public class XMLPropertiesTest extends TestCase {
            i++;
        }
    }
+    public void testGetPropertyWithXMLEntity() throws Exception {
+        String xml = "<root><foo>foo&amp;bar</foo></root>";
+        XMLProperties props = new XMLProperties(new ByteArrayInputStream(xml.getBytes()));
+        assertEquals("foo&bar", props.getProperty("foo"));
+    }
 }