Fixed XXE vulnerability when importing a new blog

0xLanks · 0xLanks · commit 16343de33f2f · 2022-05-04T21:44:22.000-07:00
diff --git a/BlogEngine/BlogEngine.Core/Services/Syndication/BlogML/BlogReader.cs b/BlogEngine/BlogEngine.Core/Services/Syndication/BlogML/BlogReader.cs
@@ -53,13 +53,15 @@ public string XmlData
         /// <summary>
         ///     Gets an XmlReader that converts BlogML data saved as string into XML stream
         /// </summary>
-        private XmlTextReader XmlReader
+        private XmlReader XmlReader
         {
             get
             {
                 var byteArray = Encoding.UTF8.GetBytes(this.xmlData);
                 var stream = new MemoryStream(byteArray);
-                return new XmlTextReader(stream);
+                XmlReaderSettings settings = new XmlReaderSettings();
+                settings.XmlResolver = null;
+                return XmlReader.Create(stream, settings);
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -53,13 +53,15 @@ public string XmlData`
`53`	`53`	`/// <summary>`
`54`	`54`	`/// Gets an XmlReader that converts BlogML data saved as string into XML stream`
`55`	`55`	`/// </summary>`
`56`		`- private XmlTextReader XmlReader`
	`56`	`+ private XmlReader XmlReader`
`57`	`57`	`{`
`58`	`58`	`get`
`59`	`59`	`{`
`60`	`60`	`var byteArray = Encoding.UTF8.GetBytes(this.xmlData);`
`61`	`61`	`var stream = new MemoryStream(byteArray);`
`62`		`- return new XmlTextReader(stream);`
	`62`	`+ XmlReaderSettings settings = new XmlReaderSettings();`
	`63`	`+ settings.XmlResolver = null;`
	`64`	`+ return XmlReader.Create(stream, settings);`
`63`	`65`	`}`
`64`	`66`	`}`
`65`	`67`