merge revision(s) 39384,39509,39511: [Backport ruby#7961]

shyouhei · shyouhei · commit eca9bf617ab5 · 2013-05-18T14:55:14.000Z
* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit): new attribute to read/write entity expansion text limit. the default limit is 10Kb. * lib/rexml/text.rb (REXML::Text.unnormalize): check above attribute. * lib/rexml/document.rb: move entity_expansion_limit accessor to ... * lib/rexml/rexml.rb: ... here to make rexml/text independent from REXML::Document. It causes circular require. * lib/rexml/document.rb (REXML::Document.entity_expansion_limit): deprecated. * lib/rexml/document.rb (REXML::Document.entity_expansion_limit=): deprecated. * lib/rexml/text.rb: add missing require "rexml/rexml" for REXML.entity_expansion_limit. Reported by Robert Ulejczyk. Thanks!!! [ruby-core:52895] [Bug ruby#7961] * lib/rexml/document.rb: move entity_expansion_text_limit accessor to ... * lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit): * lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit=): REXML.entity_expansion_text_limit. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@40812 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,24 @@
+Sat May 18 23:34:50 2013  Kouhei Sutou  <kou@cozmixng.org>
+
+	* lib/rexml/document.rb: move entity_expansion_text_limit accessor to ...
+	* lib/rexml/rexml.rb: ... here to make rexml/text independent from
+	  REXML::Document. It causes circular require.
+	* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit):
+	  deprecated.
+	* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit=):
+	  deprecated.
+	* lib/rexml/text.rb: add missing require "rexml/rexml" for
+	  REXML.entity_expansion_text_limit.
+	  Reported by Robert Ulejczyk. Thanks!!! [ruby-core:52895] [Bug #7961]
+
+Sat May 18 23:34:50 2013  Aaron Patterson <aaron@tenderlovemaking.com>
+
+	* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit):
+	  new attribute to read/write entity expansion text limit.  the default
+	  limit is 10Kb.
+
+	* lib/rexml/text.rb (REXML::Text.unnormalize): check above attribute.
+
 Fri Oct 12 12:25:15 2012  URABE Shyouhei  <shyouhei@ruby-lang.org>
 
 	* error.c (name_err_to_s): we need not infect msg.
diff --git a/lib/rexml/document.rb b/lib/rexml/document.rb
@@ -213,6 +213,20 @@ def Document::entity_expansion_limit
       return @@entity_expansion_limit
     end
 
+    # Set the entity expansion limit. By default the limit is set to 10240.
+    #
+    # Deprecated. Use REXML.entity_expansion_text_limit= instead.
+    def Document::entity_expansion_text_limit=( val )
+      REXML.entity_expansion_text_limit = val
+    end
+
+    # Get the entity expansion limit. By default the limit is set to 10000.
+    #
+    # Deprecated. Use REXML.entity_expansion_text_limit instead.
+    def Document::entity_expansion_text_limit
+      return REXML.entity_expansion_text_limit
+    end
+
     attr_reader :entity_expansion_count
     
     def record_entity_expansion
diff --git a/lib/rexml/rexml.rb b/lib/rexml/rexml.rb
@@ -29,4 +29,16 @@ module REXML
 
   Copyright = COPYRIGHT
   Version = VERSION
+
+  @@entity_expansion_text_limit = 10_240
+
+  # Set the entity expansion limit. By default the limit is set to 10240.
+  def self.entity_expansion_text_limit=( val )
+    @@entity_expansion_text_limit = val
+  end
+
+  # Get the entity expansion limit. By default the limit is set to 10240.
+  def self.entity_expansion_text_limit
+    return @@entity_expansion_text_limit
+  end
 end
diff --git a/lib/rexml/text.rb b/lib/rexml/text.rb
@@ -1,3 +1,4 @@
+require 'rexml/rexml'
 require 'rexml/entity'
 require 'rexml/doctype'
 require 'rexml/child'
@@ -308,37 +309,35 @@ def Text::normalize( input, doctype=nil, entity_filter=nil )
 
     # Unescapes all possible entities
     def Text::unnormalize( string, doctype=nil, filter=nil, illegal=nil )
-      rv = string.clone
-      rv.gsub!( /\r\n?/, "\n" )
-      matches = rv.scan( REFERENCE )
-      return rv if matches.size == 0
-      rv.gsub!( NUMERICENTITY ) {|m|
-        m=$1
-        m = "0#{m}" if m[0] == ?x
-        [Integer(m)].pack('U*')
+      sum = 0
+      string.gsub( /\r\n?/, "\n" ).gsub( REFERENCE ) {
+        s = Text.expand($&, doctype, filter)
+        if sum + s.bytesize > REXML.entity_expansion_text_limit
+          raise "entity expansion has grown too large"
+        else
+          sum += s.bytesize
+        end
+        s
       }
-      matches.collect!{|x|x[0]}.compact!
-      if matches.size > 0
-        if doctype
-          matches.each do |entity_reference|
-            unless filter and filter.include?(entity_reference)
-              entity_value = doctype.entity( entity_reference )
-              re = /&#{entity_reference};/
-              rv.gsub!( re, entity_value ) if entity_value
-            end
-          end
+    end
+
+    def Text.expand(ref, doctype, filter)
+      if ref[1] == ?#
+        if ref[2] == ?x
+          [ref[3...-1].to_i(16)].pack('U*')
         else
-          matches.each do |entity_reference|
-            unless filter and filter.include?(entity_reference)
-              entity_value = DocType::DEFAULT_ENTITIES[ entity_reference ]
-              re = /&#{entity_reference};/
-              rv.gsub!( re, entity_value.value ) if entity_value
-            end
-          end
+          [ref[2...-1].to_i].pack('U*')
         end
-        rv.gsub!( /&amp;/, '&' )
+      elsif ref == '&amp;'
+        '&'
+      elsif filter and filter.include?( ref[1...-1] )
+        ref
+      elsif doctype
+        doctype.entity( ref[1...-1] ) or ref
+      else
+        entity_value = DocType::DEFAULT_ENTITIES[ ref[1...-1] ]
+        entity_value ? entity_value.value : ref
       end
-      rv
     end
   end
 end
diff --git a/version.h b/version.h
@@ -1,15 +1,15 @@
 #define RUBY_VERSION "1.8.7"
-#define RUBY_RELEASE_DATE "2012-10-12"
+#define RUBY_RELEASE_DATE "2013-05-18"
 #define RUBY_VERSION_CODE 187
-#define RUBY_RELEASE_CODE 20121012
-#define RUBY_PATCHLEVEL 371
+#define RUBY_RELEASE_CODE 20130518
+#define RUBY_PATCHLEVEL 372
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
 #define RUBY_VERSION_TEENY 7
-#define RUBY_RELEASE_YEAR 2012
-#define RUBY_RELEASE_MONTH 10
-#define RUBY_RELEASE_DAY 12
+#define RUBY_RELEASE_YEAR 2013
+#define RUBY_RELEASE_MONTH 5
+#define RUBY_RELEASE_DAY 18
 
 #ifdef RUBY_EXTERN
 RUBY_EXTERN const char ruby_version[];
