diff --git a/src/ui/shortcuts.cpp b/src/ui/shortcuts.cpp
index 9c67d6a5db5ac19410d5597635937a169df8f810..f7d4c6017b1ca4fc55f2e188e953ae67ab30d435 100644
--- a/src/ui/shortcuts.cpp
+++ b/src/ui/shortcuts.cpp
@@ -231,7 +231,7 @@ Shortcuts::read(Glib::RefPtr file, bool user_set)
 return false;
 }
- XML::Document *document = sp_repr_read_file(file->get_path().c_str(), nullptr);
+ XML::Document *document = sp_repr_read_file(file->get_path().c_str(), nullptr, true);
 if (!document) {
 std::cerr << "Shortcut::read: could not parse file: " << file->get_path() << std::endl;
 return false;
@@ -734,7 +734,7 @@ Shortcuts::get_file_names()
 std::string label = Glib::path_get_basename(filename);
 Glib::ustring filename_relative = sp_relative_path_from_path(filename, std::string(get_path(SYSTEM, KEYS)));
- XML::Document *document = sp_repr_read_file(filename.c_str(), nullptr);
+ XML::Document *document = sp_repr_read_file(filename.c_str(), nullptr, true);
 if (!document) {
 std::cerr << "Shortcut::get_file_names: could not parse file: " << filename.raw() << std::endl;
 continue;
diff --git a/src/xml/repr-io.cpp b/src/xml/repr-io.cpp
index 98b02b9243fec7fb7f361ee79a94fb9c79790b48..249f62fa54fc36bf3d0dc79cff3872b95a3e9e19 100644
--- a/src/xml/repr-io.cpp
+++ b/src/xml/repr-io.cpp
@@ -178,12 +178,7 @@ xmlDocPtr XmlSource::readXml()
 bool allowNetAccess = prefs->getBool("/options/externalresources/xml/allow_net_access", false);
 if (!allowNetAccess) parse_options |= XML_PARSE_NONET;
- auto doc = xmlReadIO(readCb, closeCb, this, filename, getEncoding(), parse_options);
- if (doc && doc->properties && xmlXIncludeProcessFlags(doc, XML_PARSE_NOXINCNODE) < 0) {
- g_warning("XInclude processing failed for %s", filename);
- }
-
- return doc;
+ return xmlReadIO(readCb, closeCb, this, filename, getEncoding(), parse_options);
 }
 int XmlSource::readCb( void * context, char * buffer, int len )
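Review bot: The bare `true` passed to `sp_repr_read_file` in `Shortcuts::read` overrides the new safe default and enables XInclude for every shortcut file that reaches this call; the signature in the hunk header carries a `user_set` flag, so user-supplied keymaps appear to be covered as well as the shipped ones. If only the shipped keymaps need includes, `sp_repr_read_file(file->get_path().c_str(), nullptr, /* xinclude = */ !user_set)` would keep the feature off for files a user may have obtained elsewhere. If user files need it too, a comment such as `// XInclude is enabled on purpose: key files are treated as trusted input` would record why the default is overridden. The same applies to the identical call in `Shortcuts::get_file_names`. Both function bodies start and end outside their hunks, so the origin of the file paths cannot be checked from here.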
@@ -268,8 +263,15 @@ int XmlSource::close()
 /**
 * Reads XML from a file, and returns the Document.
 * The default namespace can also be specified, if desired.
+ * XIncude is dangerous to support during use-cases like automated file format conversion, so it is off by default.
+ *
+ * \param filename The actual file to read from.
+ *
+ * \param default_ns Default namespace for the document, can be nullptr.
+ *
+ * \param xinclude Process XInclude directives, which is off by default for security.
 */
-Document *sp_repr_read_file (const gchar * filename, const gchar *default_ns)
+Document *sp_repr_read_file (const gchar * filename, const gchar *default_ns, bool xinclude)
 {
 xmlDocPtr doc = nullptr;
 Document * rdoc = nullptr;
@@ -299,6 +301,9 @@ Document *sp_repr_read_file (const gchar * filename, const gchar *default_ns)
 if (src.setFile(filename) == 0) {
 doc = src.readXml();
+ if (xinclude && doc && doc->properties && xmlXIncludeProcessFlags(doc, XML_PARSE_NOXINCNODE) < 0) {
+ g_warning("XInclude processing failed for %s", filename);
+ }
 rdoc = sp_repr_do_read(doc, default_ns);
 }
diff --git a/src/xml/repr.h b/src/xml/repr.h
index c560d989f4638867d026e383386c1f5b92c40d23..9cfc68791aab9079d8221b153b52bc5e22d34b07 100644
--- a/src/xml/repr.h
+++ b/src/xml/repr.h
@@ -52,7 +52,7 @@ Inkscape::XML::Document *sp_repr_document_new(char const *rootname);
 /* IO */
-Inkscape::XML::Document *sp_repr_read_file(char const *filename, char const *default_ns);
+Inkscape::XML::Document *sp_repr_read_file(char const *filename, char const *default_ns, bool xinclude = false);
 Inkscape::XML::Document *sp_repr_read_mem(char const *buffer, int length, char const *default_ns);
 void sp_repr_write_stream(Inkscape::XML::Node *repr, Inkscape::IO::Writer &out, int indent_level, bool add_whitespace, Glib::QueryQuark elide_prefix,
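Review bot: The new doc comment on `sp_repr_read_file` misspells the feature as "XIncude" and says it is "off by default", although the default value is not in this definition but in the declaration in `src/xml/repr.h`. The comment would serve callers better if it named the risk, for example `* XInclude lets a document pull other files into itself, so enable it only for trusted files; the default (false) is set in repr.h.` The `\param xinclude` line could then read `Process XInclude directives; pass true only for trusted input.`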
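Review bot: The `xmlXIncludeProcessFlags(doc, XML_PARSE_NOXINCNODE)` call added to `sp_repr_read_file` passes only `XML_PARSE_NOXINCNODE`, so the `XML_PARSE_NONET` option that `XmlSource::readXml` sets when `allow_net_access` is false is not carried over to include resolution. Included resources may therefore be resolved under different network rules than the main document; when network access is not allowed the call should be `xmlXIncludeProcessFlags(doc, XML_PARSE_NOXINCNODE | XML_PARSE_NONET)`, which needs the preference (or the parse options) made available here. A failed XInclude pass is only logged with `g_warning`, and the partly processed `doc` still goes to `sp_repr_do_read`; a comment stating that this is intended would help. The function body starts and ends outside the hunk.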