#889 修复一些潜在的XXE漏洞代码

Binary Wang
2018-12-20 16:47:02 +08:00
parent 9b6893161a
commit 6272639f02
3 changed files with 14 additions and 11 deletions


@@ -27,7 +27,6 @@ import com.github.binarywang.wxpay.util.SignUtils;
import com.google.common.base.Joiner;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.gson.GsonBuilder;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.annotations.XStreamAlias;
import lombok.Data;
@@ -191,9 +190,9 @@ public abstract class BaseWxPayResult implements Serializable {
}
try {
this.xmlDoc = DocumentBuilderFactory
.newInstance()
.newDocumentBuilder()
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setExpandEntityReferences(false);
this.xmlDoc = factory.newDocumentBuilder()
.parse(new ByteArrayInputStream(this.xmlString.getBytes(StandardCharsets.UTF_8)));
return xmlDoc;
} catch (SAXException | IOException | ParserConfigurationException e) {
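Review bot: `factory.setExpandEntityReferences(false)` on the new factory is not a complete XXE defence: per the JAXP documentation it only controls whether entity-reference nodes are expanded in the resulting DOM, so the parser will still accept a DOCTYPE and may still resolve external DTDs or entities declared in it. Since `xmlString` presumably holds XML received from outside the process (the hunk does not show where it is set), the factory should reject DTDs outright before `newDocumentBuilder()` is called, e.g. `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`. `setFeature` throws `ParserConfigurationException`, which the existing multi-catch on the last line already covers. The method's signature and the catch body lie outside the hunk, so how a rejected document is reported to the caller could not be checked here.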