Allow toggling XML External Entity support for XmlParse, isXml

I have added support for the ACF syntax for passing xmlFeatures directives into isXml() and xmlParse()

All to make life easier since we locked down Lucee to be secure by default

If you need these overrides for other functions, just use xmlParse() and pass the result into xmlSearch() etc

Added to 5.4.2.20-SNAPSHOT and 6.0.0.523-SNAPSHOT, still on 5.3? it’s time to upgrade

Examples in the test cases

https://luceeserver.atlassian.net/browse/LDEV-3110

docker images for 5.4.2.20 are building now

just bumping this up, these per use overrides are available in 5.4.3.2

TryCF is now running 5.4.3.2; however, support for overriding xmlFeatures has been disabled via lucee.xmlfeatures.override.disable=true, so isXml() will still return false and xmlParse will throw an error

<cfscript>
// trycf has lucee.xmlfeatures.override.disable=true set, so the per-call
// xmlFeatures structs below are ignored and the secure defaults apply.

// Document with an external DOCTYPE; blocked by Lucee's secure defaults.
str = '<?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
    <hibernate-mapping></hibernate-mapping>';

dump(isXml(str)); // only returns boolean

// ACF-style xmlFeatures struct as the second argument to isXml()
dump(isXml(str, {
    "secure": true,
    "disallowDoctypeDecl": true,
    "externalGeneralEntities": false
})); // xmlfeatures override ignored

flush;

// xmlFeatures struct as the third argument to xmlParse() (second is caseSensitive)
try {
    dump(xmlParse(str, false, {
        "secure": true,
        "disallowDoctypeDecl": true,
        "externalGeneralEntities": false
    })); // xmlfeatures override ignored
} catch (e) {
    echo(e);
}
</cfscript>
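As an added example (not code from the original post or from the Lucee project), the parse-once pattern from the first post: untrusted input is parsed with one hardened xmlFeatures struct, and everything downstream works on the resulting document object via xmlSearch(). It assumes the ACF-style feature keys shown above, the xmlParse(str, caseSensitive, features) and isXml(str, features) argument order used in the post, and a server where lucee.xmlfeatures.override.disable is not set; the helper name parseUntrustedXml and both sample documents are constructed for illustration.

```cfml
<cfscript>
// Added example, not from the original post. Assumes the ACF-style xmlFeatures
// keys shown in the thread and that lucee.xmlfeatures.override.disable is NOT set.

// One hardened feature set, reused for every parse so a caller cannot loosen it.
hardenedFeatures = {
    "secure": true,
    "disallowDoctypeDecl": true,
    "externalGeneralEntities": false
};

// Parse untrusted input once with the hardened features; downstream code
// (xmlSearch etc.) only ever sees the parsed document, never the raw string.
function parseUntrustedXml(required string raw) {
    if (!isXml(arguments.raw, hardenedFeatures)) {
        throw(type="InvalidXml",
              message="Input is not well-formed XML under the hardened parser settings");
    }
    return xmlParse(arguments.raw, false, hardenedFeatures);
}

// Constructed sample: plain document without a DOCTYPE, accepted and queried.
plainDoc = '<?xml version="1.0"?><users><user id="1">alice</user><user id="2">bob</user></users>';
doc = parseUntrustedXml(plainDoc);
userNodes = xmlSearch(doc, "/users/user");
dump(arrayLen(userNodes));

// Constructed sample: the same DOCTYPE-bearing document as the post. With
// disallowDoctypeDecl set it is rejected before any external DTD is fetched.
dtdDoc = '<?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
    <hibernate-mapping></hibernate-mapping>';
try {
    parseUntrustedXml(dtdDoc);
} catch (InvalidXml e) {
    dump(e.message);
}
</cfscript>
```

Keeping the feature struct in one place and never exposing it as a parameter is the point: the per-call override exists to relax the defaults where a specific integration needs it, so a shared helper that always passes the hardened set prevents that relaxation from leaking into code paths that handle untrusted input.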
