Project

Profile

Help

Actions
Send by e-mail Copy link

Bug #3807

closed

FeatureKeys.ALLOW_­EXTERNAL_­FUNCTIONS=false does not block external function calls anymore?

Added by Philipp Nanz over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Michael Kay
Category:
Saxon extensions
Sprint/Milestone:
-
Start date:
2018-06-04
Due date:
% Done:

100%

Estimated time:
Legacy ID:
Applies to branch:
9.8, trunk
Fix Committed on Branch:
9.8, trunk
Fixed in Maintenance Release:
9.8.0.14
Platforms:

Description

Hello,

I'm currently in the process of updating an application that was previously running with Saxon PE 9.6.0.6 to 9.8. Everything is fine, but one security related test is failing which is testing the execution of an external function using EXPaths @file:base-dir()@.

The test case in fact is expected to fail, because FeatureKeys.ALLOW_EXTERNAL_FUNCTIONS is set to false in this particular case. To my surpise however, this code is now executing flawlessly with 9.8.

I have reproduced the same behaviour using the command line. Please find the attached example and screenshots.

Is this supposed to be working now and I just need to unregister these functions manually?

Thanks in advance for clearing this up!

Files

Download all files
saxon-9.6.png (23.5 KB) saxon-9.6.png Philipp Nanz, 2018-06-04 17:56
saxon-9.8.png (14.2 KB) saxon-9.8.png Philipp Nanz, 2018-06-04 17:56
External-functions-bug.zip (822 Bytes) External-functions-bug.zip Philipp Nanz, 2018-06-04 17:57

Please register to edit this issue

Actions
Send by e-mail Copy link

Also available in: Atom PDF