diff --git a/dotnet/src/dotnetcore/GxClasses/Domain/GXXmlReadWrite.cs b/dotnet/src/dotnetcore/GxClasses/Domain/GXXmlReadWrite.cs
index 2c5fe2630..00f04cbe2 100644
--- a/dotnet/src/dotnetcore/GxClasses/Domain/GXXmlReadWrite.cs
+++ b/dotnet/src/dotnetcore/GxClasses/Domain/GXXmlReadWrite.cs
@@ -113,7 +113,7 @@ public GXXMLReader()
SimpleElements = 1;
RemoveWhiteNodes = 1;
RemoveWhiteSpaces = 1;
- ReadExternalEntities = 1;
+ ReadExternalEntities = 0;
_basePath = "";
}
@@ -225,6 +225,8 @@ private void SetDtdProcessing(XmlReaderSettings treaderSettings, GXResolver reso
{
if (treaderSettings != null && !resolver.ReadExternalEntities && validationType == ValidationNone)
treaderSettings.DtdProcessing = DtdProcessing.Ignore;
+ else
+ treaderSettings.DtdProcessing = DtdProcessing.Parse;
}
public short OpenResponse(IGxHttpClient httpClient)
@@ -1187,7 +1189,7 @@ private class GXResolver: XmlUrlResolver
{
private Uri myself;
- private bool readExternalEntities = true;
+ private bool readExternalEntities = false;
private GXXMLReader xmlreader;
private UnparsedEntitiesContainer entities;
@@ -1219,6 +1221,7 @@ public GXResolver(GXXMLReader reader, UnparsedEntitiesContainer EntitiesContaine
{
xmlreader = reader;
entities = EntitiesContainer;
+ readExternalEntities = false;
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn)
diff --git a/dotnet/src/dotnetframework/GxClasses/Domain/GXXmlReadWrite.cs b/dotnet/src/dotnetframework/GxClasses/Domain/GXXmlReadWrite.cs
index a194195ae..6dd3e77a5 100644
--- a/dotnet/src/dotnetframework/GxClasses/Domain/GXXmlReadWrite.cs
+++ b/dotnet/src/dotnetframework/GxClasses/Domain/GXXmlReadWrite.cs
@@ -1189,7 +1189,7 @@ private class GXResolver: XmlUrlResolver
{
private Uri myself;
- private bool readExternalEntities = true;
+ private bool readExternalEntities = false;
private GXXMLReader xmlreader;
private UnparsedEntitiesContainer entities;
@@ -1221,6 +1221,7 @@ public GXResolver(GXXMLReader reader, UnparsedEntitiesContainer EntitiesContaine
{
xmlreader = reader;
entities = EntitiesContainer;
+ readExternalEntities = false;
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn)
diff --git a/dotnet/test/DotNetCoreUnitTest/DotNetCoreUnitTest.csproj b/dotnet/test/DotNetCoreUnitTest/DotNetCoreUnitTest.csproj
index 942399345..a2a06e7ab 100644
--- a/dotnet/test/DotNetCoreUnitTest/DotNetCoreUnitTest.csproj
+++ b/dotnet/test/DotNetCoreUnitTest/DotNetCoreUnitTest.csproj
@@ -18,6 +18,7 @@
+
@@ -45,6 +46,9 @@
PreserveNewest
+
+ PreserveNewest
+
PreserveNewest
@@ -172,6 +176,9 @@
+
+ PreserveNewest
+
PreserveNewest
diff --git a/dotnet/test/DotNetUnitTest/Domain/XmlReaderTest.cs b/dotnet/test/DotNetUnitTest/Domain/XmlReaderTest.cs
new file mode 100644
index 000000000..f6346cc88
--- /dev/null
+++ b/dotnet/test/DotNetUnitTest/Domain/XmlReaderTest.cs
@@ -0,0 +1,88 @@
+using System;
+using System.IO;
+using System.Xml;
+using GeneXus.XML;
+using Xunit;
+
+namespace xUnitTesting
+{
+ public class XmlReaderTest
+ {
+ [Fact]
+ public void TestExternalEntitiesEnabled()
+ {
+ TestExternalEntities(1);
+ }
+ [Fact]
+ public void TestExternalEntitiesDisabled()
+ {
+ TestExternalEntities(0);
+ }
+ void TestExternalEntities(int externalEntities)
+ {
+ string xml;
+ string value;
+ GXXMLReader xmlReader;
+
+ using (xmlReader = new GXXMLReader(Directory.GetCurrentDirectory()))
+ {
+ xmlReader.ReadExternalEntities = externalEntities;
+ xml = "";
+ xml += "";
+ xml += "";
+ xml += "";
+ xml += "] >";
+ xml += "";
+ xml += "";
+ xml += "";
+ xml += "";
+ xml += "&xxe2;";
+ xml += "";
+ xml += "";
+ xml += "";
+ xmlReader.OpenFromString(xml);
+ Assert.Equal(0, xmlReader.ErrCode);
+ Assert.Equal(string.Empty, xmlReader.ErrDescription);
+ if (!xmlReader.EOF)
+ {
+ xmlReader.Read();
+ Assert.Equal(0, xmlReader.ErrCode);
+ Assert.Equal(string.Empty, xmlReader.ErrDescription);
+ value = xmlReader.Value;
+ if (externalEntities==0)
+ Assert.Equal(string.Empty, value);
+ else
+ Assert.Equal("Envelope", value);
+ }
+ xmlReader.Close();
+ }
+
+ }
+ [Fact]
+ public void TestValidationType()
+ {
+ string value;
+ GXXMLReader xmlReader;
+
+ using (xmlReader = new GXXMLReader(Directory.GetCurrentDirectory()))
+ {
+ xmlReader.ValidationType = GXXMLReader.ValidationSchema;
+ xmlReader.AddSchema("./resources/QueryViewerObjects.xsd", "qv");
+ xmlReader.Open("./resources/QueryViewerObjects.xml");
+ Assert.Equal(string.Empty, xmlReader.ErrDescription);
+ Assert.Equal(0, xmlReader.ErrCode);
+ if (!xmlReader.EOF)
+ {
+ xmlReader.Read();
+ Assert.Equal(0, xmlReader.ErrCode);
+ Assert.Equal(string.Empty, xmlReader.ErrDescription);
+ value = xmlReader.Name;
+ Assert.Equal("Objects", value);
+ }
+ xmlReader.Close();
+ }
+
+ }
+ }
+}
diff --git a/dotnet/test/DotNetUnitTest/DotNetUnitTest.csproj b/dotnet/test/DotNetUnitTest/DotNetUnitTest.csproj
index 164d730a1..10f3f994b 100644
--- a/dotnet/test/DotNetUnitTest/DotNetUnitTest.csproj
+++ b/dotnet/test/DotNetUnitTest/DotNetUnitTest.csproj
@@ -122,6 +122,12 @@
Always
+
+ PreserveNewest
+
+
+ PreserveNewest
+
Always
diff --git a/dotnet/test/DotNetUnitTest/resources/QueryViewerObjects.xml b/dotnet/test/DotNetUnitTest/resources/QueryViewerObjects.xml
new file mode 100644
index 000000000..cc9119fef
--- /dev/null
+++ b/dotnet/test/DotNetUnitTest/resources/QueryViewerObjects.xml
@@ -0,0 +1,27 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/dotnet/test/DotNetUnitTest/resources/QueryViewerObjects.xsd b/dotnet/test/DotNetUnitTest/resources/QueryViewerObjects.xsd
new file mode 100644
index 000000000..94c45a6c8
--- /dev/null
+++ b/dotnet/test/DotNetUnitTest/resources/QueryViewerObjects.xsd
@@ -0,0 +1,84 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file