diff --git a/OpenSim/Capabilities/LLSD.cs b/OpenSim/Capabilities/LLSD.cs index 76e439f9e7..5ed312ce90 100644 --- a/OpenSim/Capabilities/LLSD.cs +++ b/OpenSim/Capabilities/LLSD.cs @@ -83,6 +83,9 @@ namespace OpenSim.Framework.Capabilities { using (XmlTextReader reader = new XmlTextReader(st)) { + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; + reader.Read(); SkipWS(reader); diff --git a/OpenSim/Framework/PhysicsInertia.cs b/OpenSim/Framework/PhysicsInertia.cs index 6e1579136c..8a0e43e7b4 100644 --- a/OpenSim/Framework/PhysicsInertia.cs +++ b/OpenSim/Framework/PhysicsInertia.cs @@ -187,16 +187,18 @@ namespace OpenSim.Framework if (text == String.Empty) return null; - UTF8Encoding enc = new UTF8Encoding(); - MemoryStream ms = new MemoryStream(enc.GetBytes(text)); - XmlTextReader xreader = new XmlTextReader(ms); - - PhysicsInertiaData v = new PhysicsInertiaData(); bool error; + PhysicsInertiaData v; + UTF8Encoding enc = new UTF8Encoding(); + using(MemoryStream ms = new MemoryStream(enc.GetBytes(text))) + using(XmlTextReader xreader = new XmlTextReader(ms)) + { + xreader.DtdProcessing = DtdProcessing.Prohibit; + xreader.XmlResolver = null; - v.FromXml2(xreader, out error); - - xreader.Close(); + v = new PhysicsInertiaData(); + v.FromXml2(xreader, out error); + } if (error) return null; diff --git a/OpenSim/Framework/PrimitiveBaseShape.cs b/OpenSim/Framework/PrimitiveBaseShape.cs index 5056c04156..1dc8bc3625 100644 --- a/OpenSim/Framework/PrimitiveBaseShape.cs +++ b/OpenSim/Framework/PrimitiveBaseShape.cs @@ -1595,6 +1595,9 @@ namespace OpenSim.Framework { using (XmlTextReader xtr = new XmlTextReader(sr)) { + xtr.DtdProcessing = DtdProcessing.Prohibit; + xtr.XmlResolver = null; + xtr.MoveToContent(); string type = xtr.GetAttribute("type"); diff --git a/OpenSim/Framework/Serialization/External/ExternalRepresentationUtils.cs b/OpenSim/Framework/Serialization/External/ExternalRepresentationUtils.cs index d2ca04949e..da877a7328 100644 --- a/OpenSim/Framework/Serialization/External/ExternalRepresentationUtils.cs +++ b/OpenSim/Framework/Serialization/External/ExternalRepresentationUtils.cs @@ -221,7 +221,7 @@ namespace OpenSim.Framework.Serialization.External using (StringWriter sw = new StringWriter()) using (XmlTextWriter writer = new XmlTextWriter(sw)) using (XmlTextReader wrappedReader = new XmlTextReader(xmlData, XmlNodeType.Element, null)) - using (XmlReader reader = XmlReader.Create(wrappedReader, new XmlReaderSettings() { IgnoreWhitespace = true, ConformanceLevel = ConformanceLevel.Fragment })) + using (XmlReader reader = XmlReader.Create(wrappedReader, new XmlReaderSettings() { IgnoreWhitespace = true, ConformanceLevel = ConformanceLevel.Fragment, DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null })) { TransformXml(reader, writer, sceneName, homeURL, userService, scopeID); diff --git a/OpenSim/Framework/Serialization/External/LandDataSerializer.cs b/OpenSim/Framework/Serialization/External/LandDataSerializer.cs index e42d56f96b..d323f45741 100644 --- a/OpenSim/Framework/Serialization/External/LandDataSerializer.cs +++ b/OpenSim/Framework/Serialization/External/LandDataSerializer.cs @@ -178,6 +178,8 @@ namespace OpenSim.Framework.Serialization.External using (XmlTextReader reader = new XmlTextReader(new StringReader(serializedLandData))) { + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; reader.ReadStartElement("LandData"); ExternalRepresentationUtils.ExecuteReadProcessors(landData, m_ldProcessors, reader); diff --git a/OpenSim/Framework/Serialization/External/RegionSettingsSerializer.cs b/OpenSim/Framework/Serialization/External/RegionSettingsSerializer.cs index 617c451fe0..fb4f904a7a 100644 --- a/OpenSim/Framework/Serialization/External/RegionSettingsSerializer.cs +++ b/OpenSim/Framework/Serialization/External/RegionSettingsSerializer.cs @@ -63,6 +63,8 @@ namespace OpenSim.Framework.Serialization.External StringReader sr = new StringReader(serializedSettings); XmlTextReader xtr = new XmlTextReader(sr); + xtr.DtdProcessing = DtdProcessing.Prohibit; + xtr.XmlResolver = null; xtr.ReadStartElement("RegionSettings"); diff --git a/OpenSim/Framework/Serialization/External/UserInventoryItemSerializer.cs b/OpenSim/Framework/Serialization/External/UserInventoryItemSerializer.cs index 9b02553d3a..3c511404da 100644 --- a/OpenSim/Framework/Serialization/External/UserInventoryItemSerializer.cs +++ b/OpenSim/Framework/Serialization/External/UserInventoryItemSerializer.cs @@ -202,6 +202,9 @@ namespace OpenSim.Framework.Serialization.External using (XmlTextReader reader = new XmlTextReader(new StringReader(serialization))) { + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; + reader.ReadStartElement("InventoryItem"); ExternalRepresentationUtils.ExecuteReadProcessors( diff --git a/OpenSim/Framework/Servers/HttpServer/RestDeserialiseHandler.cs b/OpenSim/Framework/Servers/HttpServer/RestDeserialiseHandler.cs index bd55657815..fbc51d5753 100644 --- a/OpenSim/Framework/Servers/HttpServer/RestDeserialiseHandler.cs +++ b/OpenSim/Framework/Servers/HttpServer/RestDeserialiseHandler.cs @@ -54,6 +54,9 @@ namespace OpenSim.Framework.Servers.HttpServer TRequest deserial; using (XmlTextReader xmlReader = new XmlTextReader(request)) { + xmlReader.DtdProcessing = DtdProcessing.Prohibit; + xmlReader.XmlResolver = null; + XmlSerializer deserializer = new XmlSerializer(typeof (TRequest)); deserial = (TRequest) deserializer.Deserialize(xmlReader); } diff --git a/OpenSim/Framework/Servers/HttpServer/RestSessionService.cs b/OpenSim/Framework/Servers/HttpServer/RestSessionService.cs index 68073c1164..dc720ddaa1 100644 --- a/OpenSim/Framework/Servers/HttpServer/RestSessionService.cs +++ b/OpenSim/Framework/Servers/HttpServer/RestSessionService.cs @@ -210,6 +210,8 @@ namespace OpenSim.Framework.Servers.HttpServer { try { + xmlReader.DtdProcessing = DtdProcessing.Prohibit; + xmlReader.XmlResolver = null; XmlSerializer deserializer = new XmlSerializer(typeof(RestSessionObject)); deserial = (RestSessionObject)deserializer.Deserialize(xmlReader); } @@ -269,6 +271,8 @@ namespace OpenSim.Framework.Servers.HttpServer { try { + xmlReader.DtdProcessing = DtdProcessing.Prohibit; + xmlReader.XmlResolver = null; XmlSerializer deserializer = new XmlSerializer(typeof(TRequest)); deserial = (TRequest)deserializer.Deserialize(xmlReader); } diff --git a/OpenSim/Region/CoreModules/Avatar/BakedTextures/XBakesModule.cs b/OpenSim/Region/CoreModules/Avatar/BakedTextures/XBakesModule.cs index cfa9581d82..013b416492 100644 --- a/OpenSim/Region/CoreModules/Avatar/BakedTextures/XBakesModule.cs +++ b/OpenSim/Region/CoreModules/Avatar/BakedTextures/XBakesModule.cs @@ -124,6 +124,8 @@ namespace OpenSim.Region.CoreModules.Avatar.BakedTextures { using(XmlTextReader sr = new XmlTextReader(s)) { + sr.DtdProcessing = DtdProcessing.Prohibit; + sr.XmlResolver = null; sr.ReadStartElement("BakedAppearance"); while(sr.LocalName == "BakedTexture") { diff --git a/OpenSim/Region/CoreModules/World/Archiver/ArchiveReadRequest.cs b/OpenSim/Region/CoreModules/World/Archiver/ArchiveReadRequest.cs index 99ff9b5ac4..63ebf866a8 100644 --- a/OpenSim/Region/CoreModules/World/Archiver/ArchiveReadRequest.cs +++ b/OpenSim/Region/CoreModules/World/Archiver/ArchiveReadRequest.cs @@ -1130,6 +1130,8 @@ namespace OpenSim.Region.CoreModules.World.Archiver XmlNamespaceManager nsmgr = new XmlNamespaceManager(new NameTable()); XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None); XmlTextReader xtr = new XmlTextReader(Encoding.ASCII.GetString(data), XmlNodeType.Document, context); + xtr.DtdProcessing = DtdProcessing.Prohibit; + xtr.XmlResolver = null; // Loaded metadata will be empty if no information exists in the archive dearchivedScenes.LoadedCreationDateTime = 0; diff --git a/OpenSim/Region/CoreModules/World/Archiver/AssetsDearchiver.cs b/OpenSim/Region/CoreModules/World/Archiver/AssetsDearchiver.cs index 8c0ef880d4..92c935b173 100644 --- a/OpenSim/Region/CoreModules/World/Archiver/AssetsDearchiver.cs +++ b/OpenSim/Region/CoreModules/World/Archiver/AssetsDearchiver.cs @@ -93,6 +93,8 @@ namespace OpenSim.Region.CoreModules.World.Archiver StringReader sr = new StringReader(xml); XmlTextReader reader = new XmlTextReader(sr); + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; reader.ReadStartElement("assets"); reader.Read(); diff --git a/OpenSim/Region/Framework/Scenes/Animation/DefaultAvatarAnimations.cs b/OpenSim/Region/Framework/Scenes/Animation/DefaultAvatarAnimations.cs index b8db3a966f..38ab934515 100644 --- a/OpenSim/Region/Framework/Scenes/Animation/DefaultAvatarAnimations.cs +++ b/OpenSim/Region/Framework/Scenes/Animation/DefaultAvatarAnimations.cs @@ -58,7 +58,11 @@ namespace OpenSim.Region.Framework.Scenes.Animation using (XmlTextReader reader = new XmlTextReader(path)) { + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; XmlDocument doc = new XmlDocument(); + doc.XmlResolver = null; + doc.Load(reader); // if (doc.DocumentElement != null) // { diff --git a/OpenSim/Region/Framework/Scenes/SOPVehicle.cs b/OpenSim/Region/Framework/Scenes/SOPVehicle.cs index 351eda35ed..22734b3e74 100644 --- a/OpenSim/Region/Framework/Scenes/SOPVehicle.cs +++ b/OpenSim/Region/Framework/Scenes/SOPVehicle.cs @@ -593,6 +593,8 @@ namespace OpenSim.Region.Framework.Scenes UTF8Encoding enc = new UTF8Encoding(); MemoryStream ms = new MemoryStream(enc.GetBytes(text)); XmlTextReader xreader = new XmlTextReader(ms); + xreader.DtdProcessing = DtdProcessing.Prohibit; + xreader.XmlResolver = null; SOPVehicle v = new SOPVehicle(); bool error; diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 71c8807991..84367df699 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -2389,7 +2389,7 @@ namespace OpenSim.Region.Framework.Scenes { using (XmlTextReader wrappedReader = new XmlTextReader(xmlData, XmlNodeType.Element, null)) { - using (XmlReader reader = XmlReader.Create(wrappedReader, new XmlReaderSettings() { IgnoreWhitespace = true, ConformanceLevel = ConformanceLevel.Fragment })) + using (XmlReader reader = XmlReader.Create(wrappedReader, new XmlReaderSettings() { IgnoreWhitespace = true, ConformanceLevel = ConformanceLevel.Fragment, DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null })) { reader.Read(); bool isSingleObject = reader.Name != "CoalescedObject"; diff --git a/OpenSim/Region/Framework/Scenes/Serialization/CoalescedSceneObjectsSerializer.cs b/OpenSim/Region/Framework/Scenes/Serialization/CoalescedSceneObjectsSerializer.cs index a93782e7f1..c3bc4a0da6 100644 --- a/OpenSim/Region/Framework/Scenes/Serialization/CoalescedSceneObjectsSerializer.cs +++ b/OpenSim/Region/Framework/Scenes/Serialization/CoalescedSceneObjectsSerializer.cs @@ -133,6 +133,9 @@ namespace OpenSim.Region.Framework.Scenes.Serialization { using (XmlTextReader reader = new XmlTextReader(sr)) { + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; + reader.MoveToContent(); // skip possible xml declaration if (reader.Name != "CoalescedObject") diff --git a/OpenSim/Region/Framework/Scenes/Serialization/SceneObjectSerializer.cs b/OpenSim/Region/Framework/Scenes/Serialization/SceneObjectSerializer.cs index 948c345d46..a2d512a0bf 100644 --- a/OpenSim/Region/Framework/Scenes/Serialization/SceneObjectSerializer.cs +++ b/OpenSim/Region/Framework/Scenes/Serialization/SceneObjectSerializer.cs @@ -63,7 +63,7 @@ namespace OpenSim.Region.Framework.Scenes.Serialization String fixedData = ExternalRepresentationUtils.SanitizeXml(xmlData); using (XmlTextReader wrappedReader = new XmlTextReader(fixedData, XmlNodeType.Element, null)) { - using (XmlReader reader = XmlReader.Create(wrappedReader, new XmlReaderSettings() { IgnoreWhitespace = true, ConformanceLevel = ConformanceLevel.Fragment })) + using (XmlReader reader = XmlReader.Create(wrappedReader, new XmlReaderSettings() { IgnoreWhitespace = true, ConformanceLevel = ConformanceLevel.Fragment, DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null })) { try { @@ -267,18 +267,29 @@ namespace OpenSim.Region.Framework.Scenes.Serialization return null; } - StringReader sr = new StringReader(parts[0].OuterXml); - XmlTextReader reader = new XmlTextReader(sr); - SceneObjectGroup sceneObject = new SceneObjectGroup(SceneObjectPart.FromXml(reader)); - reader.Close(); - sr.Close(); + SceneObjectGroup sceneObject; + using(StringReader sr = new StringReader(parts[0].OuterXml)) + { + using(XmlTextReader reader = new XmlTextReader(sr)) + { + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; + + sceneObject = new SceneObjectGroup(SceneObjectPart.FromXml(reader)); + } + } // Then deal with the rest + SceneObjectPart part; for (int i = 1; i < parts.Count; i++) { - sr = new StringReader(parts[i].OuterXml); - reader = new XmlTextReader(sr); - SceneObjectPart part = SceneObjectPart.FromXml(reader); + using(StringReader sr = new StringReader(parts[i].OuterXml)) + { + using(XmlTextReader reader = new XmlTextReader(sr)) + { + part = SceneObjectPart.FromXml(reader); + } + } int originalLinkNum = part.LinkNum; @@ -289,8 +300,6 @@ namespace OpenSim.Region.Framework.Scenes.Serialization if (originalLinkNum != 0) part.LinkNum = originalLinkNum; - reader.Close(); - sr.Close(); } XmlNodeList keymotion = doc.GetElementsByTagName("KeyframeMotion"); diff --git a/OpenSim/Region/Framework/Scenes/Serialization/SceneXmlLoader.cs b/OpenSim/Region/Framework/Scenes/Serialization/SceneXmlLoader.cs index 34fdb6df8f..977dd731ed 100644 --- a/OpenSim/Region/Framework/Scenes/Serialization/SceneXmlLoader.cs +++ b/OpenSim/Region/Framework/Scenes/Serialization/SceneXmlLoader.cs @@ -49,14 +49,19 @@ namespace OpenSim.Region.Framework.Scenes.Serialization public static void LoadPrimsFromXml(Scene scene, string fileName, bool newIDS, Vector3 loadOffset) { XmlDocument doc = new XmlDocument(); + doc.XmlResolver=null; XmlNode rootNode; if (fileName.StartsWith("http:") || File.Exists(fileName)) { - XmlTextReader reader = new XmlTextReader(fileName); - reader.WhitespaceHandling = WhitespaceHandling.None; - doc.Load(reader); - reader.Close(); + using(XmlTextReader reader = new XmlTextReader(fileName)) + { + reader.WhitespaceHandling = WhitespaceHandling.None; + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; + + doc.Load(reader); + } rootNode = doc.FirstChild; foreach (XmlNode aPrimNode in rootNode.ChildNodes) { diff --git a/OpenSim/Region/Framework/Scenes/TerrainChannel.cs b/OpenSim/Region/Framework/Scenes/TerrainChannel.cs index 89d78cf83e..1beca0449e 100644 --- a/OpenSim/Region/Framework/Scenes/TerrainChannel.cs +++ b/OpenSim/Region/Framework/Scenes/TerrainChannel.cs @@ -196,13 +196,15 @@ namespace OpenSim.Region.Framework.Scenes // ITerrainChannel.LoadFromXmlString() public void LoadFromXmlString(string data) { - StringReader sr = new StringReader(data); - XmlTextReader reader = new XmlTextReader(sr); - reader.Read(); - - ReadXml(reader); - reader.Close(); - sr.Close(); + using(StringReader sr = new StringReader(data)) + { + using(XmlTextReader reader = new XmlTextReader(sr)) + { + reader.DtdProcessing = DtdProcessing.Prohibit; + reader.XmlResolver = null; + ReadXml(reader); + } + } } // ITerrainChannel.Merge diff --git a/OpenSim/Region/OptionalModules/Avatar/Voice/VivoxVoice/VivoxVoiceModule.cs b/OpenSim/Region/OptionalModules/Avatar/Voice/VivoxVoice/VivoxVoiceModule.cs index 57930d7979..08242b6a8c 100644 --- a/OpenSim/Region/OptionalModules/Avatar/Voice/VivoxVoice/VivoxVoiceModule.cs +++ b/OpenSim/Region/OptionalModules/Avatar/Voice/VivoxVoice/VivoxVoiceModule.cs @@ -1125,6 +1125,7 @@ namespace OpenSim.Region.OptionalModules.Avatar.Voice.VivoxVoice return null; doc = new XmlDocument(); + doc.XmlResolver = null; // Let's serialize all calls to Vivox. Most of these are driven by // the clients (CAPs), when the user arrives at the region. We don't @@ -1146,7 +1147,11 @@ namespace OpenSim.Region.OptionalModules.Avatar.Voice.VivoxVoice using (HttpWebResponse rsp = (HttpWebResponse)req.GetResponse()) using (Stream s = rsp.GetResponseStream()) using (XmlTextReader rdr = new XmlTextReader(s)) - doc.Load(rdr); + { + rdr.DtdProcessing = DtdProcessing.Prohibit; + rdr.XmlResolver = null; + doc.Load(rdr); + } } catch (Exception e) {