From b0678e772f06c55ebf0146293fe79478259ddc87 Mon Sep 17 00:00:00 2001
From: daZongZi <stivepeim@outlook.com>
Date: Fri, 17 Jan 2025 18:15:00 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20XML=20=E6=9C=89=E5=8F=AF?=
 =?UTF-8?q?=E8=83=BD=E5=87=BA=E7=8E=B0=E7=9A=84=E6=B3=A8=E5=85=A5=E9=A3=8E?=
 =?UTF-8?q?=E9=99=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/main/java/com/zbkj/common/utils/XmlUtil.java   | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/crmeb/crmeb-common/src/main/java/com/zbkj/common/utils/XmlUtil.java b/crmeb/crmeb-common/src/main/java/com/zbkj/common/utils/XmlUtil.java
index 9e034784..6e96e526 100644
--- a/crmeb/crmeb-common/src/main/java/com/zbkj/common/utils/XmlUtil.java
+++ b/crmeb/crmeb-common/src/main/java/com/zbkj/common/utils/XmlUtil.java
@@ -12,6 +12,7 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.Text;
 import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.xml.parsers.DocumentBuilder;
@@ -46,13 +47,14 @@ public class XmlUtil {
         InputStream in = null;
         try {
             in = request.getInputStream();
+            setReaderFeature(reader);
             Document doc = reader.read(in);
             Element root = doc.getRootElement();
             List<Element> list = root.elements();
             for (Element element : list) {
                 map.put(element.getName(), element.getText());
             }
-        } catch (IOException | DocumentException e) {
+        } catch (IOException | DocumentException | SAXException e) {
             e.printStackTrace();
         } finally {
             try {
@@ -91,6 +93,12 @@ public class XmlUtil {
 //        return map;
 //    }
 
+    public static void setReaderFeature(SAXReader reader) throws SAXException {
+        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+        reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+    }
     public static HashMap<String, Object> xmlToMap(String strxml) {
         strxml = strxml.replaceFirst("encoding=\".*\"", "encoding=\"UTF-8\"");