diff options
| author | Matthew Wild <mwild1@gmail.com> | 2011-06-01 23:25:24 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2011-06-01 23:25:24 +0100 |
| commit | 8d2f23ee55577d3b774ada26601141e977da2e6f (patch) | |
| tree | b1f844f0cc62d06b40c9ea946212e45a372493c3 /core | |
| parent | bb6d7b0d22622dce365e26793093b11b4582795b (diff) | |
| parent | eca112c21aec5a646a18d1b6f6150b63535b4347 (diff) | |
| download | prosody-8d2f23ee55577d3b774ada26601141e977da2e6f.tar.gz prosody-8d2f23ee55577d3b774ada26601141e977da2e6f.zip | |
Merge 0.6->0.7
Diffstat (limited to 'core')
| -rw-r--r-- | core/xmlhandlers.lua | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua index b7992f77..47db75d3 100644 --- a/core/xmlhandlers.lua +++ b/core/xmlhandlers.lua @@ -17,6 +17,16 @@ local t_concat = table.concat; local default_log = require "util.logger".init("xmlhandlers"); +-- COMPAT: w/LuaExpat 1.1.0 +local lxp_supports_doctype = pcall(lxp.new, { StartDoctypeDecl = false }); + +if not lxp_supports_doctype then + default_log("warn", "The version of LuaExpat on your system leaves Prosody " + .."vulnerable to denial-of-service attacks. You should upgrade to " + .."LuaExpat 1.1.1 or higher as soon as possible. See " + .."http://prosody.im/doc/depends#luaexpat for more information."); +end + local error = error; module "xmlhandlers" @@ -139,6 +149,18 @@ function init_xmlhandlers(session, stream_callbacks) stanza, chardata = nil, {}; end end + + local function restricted_handler() + cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1."); + end + + if lxp_supports_doctype then + xml_handlers.StartDoctypeDecl = restricted_handler; + end + xml_handlers.Comment = restricted_handler; + xml_handlers.StartCdataSection = restricted_handler; + xml_handlers.ProcessingInstruction = restricted_handler; + return xml_handlers; end |