[librsvg] Only handle internal general entities from libxml2

[Federico Mena Quintero <federico src gnome org>]

commit 4fd5255e311b8dfe4cdf91e5c357318a8b8ba322
Author: Federico Mena Quintero <federico gnome org>
Date:   Tue Dec 4 09:48:40 2018 -0600

    Only handle internal general entities from libxml2
    
    Entities which reference external resources are... problematic,
    generally discouraged, and they don't seem to be used very much for
    SVG, as it has mechanisms for referencing external files where it
    needs them.
    
    Also, this code was never correct; for example, the publicId is not an
    URI that can be resolved from a base URI; it's just a string.
    
    Don't handle external entities at all; just internal general (parsed)
    entities, which libxml2 will substitute itself where they are used.

 librsvg/rsvg-load.c | 40 ++++++++--------------------------------
 1 file changed, 8 insertions(+), 32 deletions(-)
---
diff --git a/librsvg/rsvg-load.c b/librsvg/rsvg-load.c
index 7caaecb9..961cab25 100644
--- a/librsvg/rsvg-load.c
+++ b/librsvg/rsvg-load.c
@@ -367,42 +367,18 @@ sax_entity_decl_cb (void *data, const xmlChar * name, int type,
 {
     RsvgLoad *load = data;
     xmlEntityPtr entity;
-    xmlChar *resolvedSystemId = NULL, *resolvedPublicId = NULL;
-
-    if (systemId)
-        resolvedSystemId = xmlBuildRelativeURI (systemId, (xmlChar*) rsvg_handle_get_base_uri 
(load->handle));
-    else if (publicId)
-        resolvedPublicId = xmlBuildRelativeURI (publicId, (xmlChar*) rsvg_handle_get_base_uri 
(load->handle));
-
-    if (type == XML_EXTERNAL_PARAMETER_ENTITY && !content) {
-        char *entity_data;
-        gsize entity_data_len;
-
-        if (systemId)
-            entity_data = rsvg_handle_acquire_data (load->handle,
-                                                    (const char *) systemId,
-                                                    &entity_data_len,
-                                                    NULL);
-        else if (publicId)
-            entity_data = rsvg_handle_acquire_data (load->handle,
-                                                    (const char *) publicId,
-                                                    &entity_data_len,
-                                                    NULL);
-        else
-            entity_data = NULL;
 
-        if (entity_data) {
-            content = xmlCharStrndup (entity_data, entity_data_len);
-            g_free (entity_data);
-        }
+    if (type != XML_INTERNAL_GENERAL_ENTITY) {
+        /* We don't allow loading external entities; we don't support defining
+        * parameter entities in the DTD, and libxml2 should handle internal
+        * predefined entities by itself (e.g. "&amp;").
+        */
+        return;
     }
 
-    entity = xmlNewEntity(NULL, name, type, resolvedPublicId, resolvedSystemId, content);
-
-    xmlFree(resolvedPublicId);
-    xmlFree(resolvedSystemId);
+    entity = xmlNewEntity (NULL, name, type, NULL, NULL, content);
 
-    rsvg_xml_state_entity_insert(load->xml.rust_state, (const char *) name, entity);
+    rsvg_xml_state_entity_insert (load->xml.rust_state, (const char *) name, entity);
 }
 
 static void