Nicolas Raoul created CMIS-902:
----------------------------------
Summary: XmlException: For security reasons DTD is prohibited in
this XML document
Key: CMIS-902
URL: https://issues.apache.org/jira/browse/CMIS-902
Project: Chemistry
Issue Type: Bug
Components: dotcmis
Affects Versions: DotCMIS 0.6
Environment: SharePoint Server 2013
Documentum 6.7 SP1
Reporter: Nicolas Raoul
Hello DotCMIS,
Many people using SharePoint Server 2013 are reporting this error when
performing a simple listing of a folder:
DotCMIS.Exceptions.CmisConnectionException: Parsing exception! --->
System.Xml.XmlException: For security reasons DTD is prohibited in this XML
document. To enable DTD processing set the DtdProcessing property on
XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res)
at System.Xml.XmlTextReaderImpl.ParseDoctypeDecl()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlReader.MoveToContent()
at System.Xml.XmlReader.IsStartElement()
at DotCMIS.Binding.AtomPub.AtomPubParser.Parse()
at DotCMIS.Binding.AtomPub.AbstractAtomPubService.Parse[T](Stream stream)
The problem is easily fixed by adding `settings.DtdProcessing =
DtdProcessing.Ignore;` in the Parse() method of atompub-parser.cs as seen in
this commit:
https://github.com/aegif/chemistry-dotcmis/commit/ee7e5931b8c8cdfcbbd280a1fb4956a8fcc895b8
Full explanation and a note about DDOS (I don't think DotCMIS should be too
worried about DDOS, as it is mostly a client-side library):
http://stackoverflow.com/a/28459398/226958
Thank you!
Nicolas
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
