Project

Profile

Help

Bug #5847

closed

Collection finders should respect allowedProtocols

Added by Norm Tovey-Walsh almost 2 years ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
2023-01-23
Due date:
% Done:

100%

Estimated time:
Legacy ID:
Applies to branch:
11, 12, trunk
Fix Committed on Branch:
11, 12, trunk
Fixed in Maintenance Release:
Platforms:

Description

From https://saxonica.plan.io/boards/3/topics/9248

It seems that setting http://saxon.sf.net/feature/allowedProtocols to e.g. http,https in the intent to disallow access to the local file system prevents any direct access in the form of e.g. unparsed-text('file:/foo/bar/file.txt') but it looks as if (tested with Saxon HE 12 J and C) as if uri-collection('file:/?select=.') continues to work, meaning it returns the file URIs of found files.

Actions #4

Updated by Norm Tovey-Walsh almost 2 years ago

  • Status changed from In Progress to Resolved
  • Applies to branch 11, 12, trunk added
  • Fix Committed on Branch 11, 12, trunk added

Resolved in Saxon 11 and 12.

Actions #5

Updated by O'Neil Delpratt almost 2 years ago

  • % Done changed from 0 to 100
  • Fixed in Maintenance Release 11.5 added

Bug fix applied in the Saxon 11.5 maintenance release.

Actions #6

Updated by O'Neil Delpratt over 1 year ago

  • Status changed from Resolved to Closed
  • Fixed in Maintenance Release 12.1 added

Bug fix applied in the Saxon 12.1 maintenance release.

Actions #7

Updated by Michael Kay 6 months ago

See also bug #6450, which corrects this patch.

Please register to edit this issue

Also available in: Atom PDF