[MOD] XML Scanner, entity expansion: stricter limits

Author: ChristianGruen

basex-core/src/main/java/org/basex/build/BuildText.java

@@ -88,15 +88,15 @@ public interface BuildText {
   /** Scanner error. */
   String INVPE = "Parameter reference not allowed here.";
   /** Scanner error. */
-  String RECENT = "Recursive entity definition.";
+  String ENTITY = "Entities: expansion limit exceeded or recursive definitions found.";
 
   /** DTD whitespace error. */
   String WSERROR = "Missing Whitespace.";
   /** DTD error. */
   String ERRDT = "Error in DTD.";
 
   /** Semicolon. */
-  byte[] SEMI = token(";");
+  byte[] SEMI = cpToken(';');
   /** CDATA token. */
   byte[] CDATA = token("CDATA[");
   /** XML document version. */

basex-core/src/main/java/org/basex/build/xml/XMLScanner.java

@@ -273,7 +273,7 @@ private void attValue(final int ch) throws IOException {
         // verify...
         final byte[] r = ref(true);
         if(r.length == 1) token.add(r);
-        else if(!input.add(r, false)) throw error(RECENT);
+        else if(!input.add(r, false)) throw error(ENTITY);
       } else {
         token.add(c);
       }
@@ -301,7 +301,7 @@ private void content(final int ch) throws IOException {
         // scan entity
         final byte[] r = ref(true);
         if(r.length == 1) token.add(r);
-        else if(!input.add(r, false)) throw error(RECENT);
+        else if(!input.add(r, false)) throw error(ENTITY);
       } else {
         if(c == ']') {
           // ']]>' not allowed in content
@@ -565,7 +565,7 @@ private int consume() throws IOException {
         final byte[] val = pents.get(key);
         if(val == null) throw error(UNKNOWNPE, key);
         check(';');
-        input.add(val, true);
+        if(!input.add(val, true)) throw error(ENTITY);
       } else {
         return ch;
       }

basex-core/src/main/java/org/basex/gui/dialog/DialogResources.java

@@ -62,7 +62,7 @@ final class DialogResources extends BaseXBack {
     final GUI gui = dialog.gui();
     final Data data = gui.context.data();
     final String label = data.meta.name + " (/)";
-    root = new ResourceRootFolder(token(label), token("/"), tree, data);
+    root = new ResourceRootFolder(token(label), cpToken('/'), tree, data);
     ((DefaultTreeModel) tree.getModel()).insertNodeInto(root, rootNode, 0);
 
     filter = new BaseXButton(dialog, FILTER);

basex-core/src/main/java/org/basex/io/in/XMLInput.java

@@ -19,6 +19,8 @@ public class XMLInput extends InputStream {
   private int ip;
   /** Current line. */
   private int line = 1;
+  /** Entity expansion counter. */
+  private int exp;
 
   /** Buffer with most recent characters. */
   private final int[] last = new int[16];
@@ -80,10 +82,10 @@ public int read() throws IOException {
    * @throws IOException I/O exception
    */
   public boolean add(final byte[] value, final boolean spaces) throws IOException {
-    if(spaces) add(new NewlineInput(Token.token(" ")));
+    if(spaces) add(new NewlineInput(Token.cpToken(' ')));
     add(new NewlineInput(value));
-    if(spaces) add(new NewlineInput(Token.token(" ")));
-    return ip < 32;
+    if(spaces) add(new NewlineInput(Token.cpToken(' ')));
+    return ++exp < 32000 && ip < 32;
   }
 
   /**

basex-core/src/main/java/org/basex/io/parse/json/JsonConstants.java

@@ -42,7 +42,7 @@ public interface JsonConstants {
   /** Token: name. */
   byte[] NAME = token("name");
   /** Token: array value. */
-  byte[] VALUE = token("_");
+  byte[] VALUE = cpToken('_');
 
   /** Supported data types. */
   byte[][] TYPES = { OBJECT, ARRAY, STRING, NUMBER, BOOLEAN, NULL };

basex-core/src/main/java/org/basex/query/func/fn/FnParseXmlFragment.java

@@ -100,7 +100,8 @@ final Item parseXml(final QueryContext qc, final boolean fragment,
     }
 
     try {
-      return new DBNode(intparse ? new XMLParser(io, mopts, true) : Parser.xmlParser(io, mopts));
+      return new DBNode(intparse ? new XMLParser(io, mopts, fragment) :
+        Parser.xmlParser(io, mopts));
     } catch(final IOException ex) {
       final Throwable th = ex.getCause();
       final QueryException qe = !(th instanceof ValidationException) ? SAXERR_X.get(info, ex) :

basex-core/src/main/java/org/basex/query/util/format/FormatterDE.java

@@ -63,7 +63,7 @@ final class FormatterDE extends Formatter {
   /** Token: eine. */
   private static final byte[] EINE = token("eine");
   /** Token: e. */
-  private static final byte[] E = token("e");
+  private static final byte[] E = cpToken('e');
   /** Token: hundert. */
   private static final byte[] HUNDERT = token("hundert");
   /** Token: tausend. */