Fixed XXE vulnerability when importing a new blog
0xLanks authored and 0xLanks committed May 5, 2022
1 parent 4033c72 commit 16343de
Showing 1 changed file with 4 additions and 2 deletions.
Expand Up @@ -53,13 +53,15 @@ public string XmlData
/// <summary>
/// Gets an XmlReader that converts BlogML data saved as string into XML stream
/// </summary>
private XmlTextReader XmlReader
private XmlReader XmlReader
{
get
{
var byteArray = Encoding.UTF8.GetBytes(this.xmlData);
var stream = new MemoryStream(byteArray);
return new XmlTextReader(stream);
XmlReaderSettings settings = new XmlReaderSettings();
settings.XmlResolver = null;
return XmlReader.Create(stream, settings);
}
}
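Review bot: The new getter sets only `settings.XmlResolver = null;`, so the protection against inline DTDs and entity expansion rests on the framework default for `DtdProcessing` rather than on anything this code states. Adding `settings.DtdProcessing = DtdProcessing.Prohibit;` next to the resolver line makes the hardening explicit and keeps it in place if the settings object is later reused or built differently. With DTDs prohibited, a BlogML file that carries a DOCTYPE will presumably fail with an `XmlException`, so the import caller (outside this hunk) should report that as a rejected file rather than let it surface as an unhandled error. A short comment such as `// XXE hardening: no external resolver, no DTD processing` above the settings would also tell the next maintainer why `XmlTextReader` must not be reintroduced here.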
