[xml] [BUG] [PATCH] --postvalid broken after CVE-2014-0191 fix

Hi Daniel,

The fix for the CVE-2014-0191 broke the --postvalid option. In that case, DTDs 
are not loaded even though requested on the command line. This was the 
CVE-2014-0191 patch:


With --postvalid specified on the command line, the XML_PARSE_DTDVALID is not 
set in ctxt->options; instead, XML_PARSE_DTDLOAD is set). Same goes for the 
other options that set XML_PARSE_DTDLOAD, --dtdvalid and --dtdvalidfpi.

Patch attached.


Attachment: postvalid-broken.diff
Description: Text Data

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]