[CMIS-902] XmlException: For security reasons DTD is prohibited in this XML document - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: DotCMIS 0.6
Fix Version/s: DotCMIS 0.7
Component/s: dotcmis
Labels:
- patch
Environment:

SharePoint Server 2013
Documentum 6.7 SP1

Description

Hello DotCMIS,

Many people using SharePoint Server 2013 are reporting this error when performing a simple listing of a folder:

DotCMIS.Exceptions.CmisConnectionException: Parsing exception! ---> System.Xml.XmlException: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res)
at System.Xml.XmlTextReaderImpl.ParseDoctypeDecl()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlReader.MoveToContent()
at System.Xml.XmlReader.IsStartElement()
at DotCMIS.Binding.AtomPub.AtomPubParser.Parse()
at DotCMIS.Binding.AtomPub.AbstractAtomPubService.Parse[T](Stream stream)

The problem is easily fixed by adding `settings.DtdProcessing = DtdProcessing.Ignore;` in the Parse() method of atompub-parser.cs as seen in this commit: https://github.com/aegif/chemistry-dotcmis/commit/ee7e5931b8c8cdfcbbd280a1fb4956a8fcc895b8

Full explanation and a note about DDOS (I don't think DotCMIS should be too worried about DDOS, as it is mostly a client-side library): http://stackoverflow.com/a/28459398/226958

Thank you!
Nicolas

Attachments

Activity

People

Assignee:: Florian Müller

Reporter:: Nicolas Raoul

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Mar/15 08:24

Updated:: 31/Mar/15 00:25

Resolved:: 30/Mar/15 14:59

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified