src/org/openbravo/service/rest/DalWebService.java
changeset 9917 381dd8af30f9
parent 9072 79e55dfc8af0
--- a/src/org/openbravo/service/rest/DalWebService.java	Fri Aug 09 12:33:56 2013 +0200
+++ b/src/org/openbravo/service/rest/DalWebService.java	Wed Aug 21 17:53:54 2013 +0200
@@ -379,6 +379,9 @@
 
     try {
       final SAXReader reader = new SAXReader();
+      reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+      reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+      reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
       final Document document = reader.read(request.getInputStream());
 
       // now parse the xml and let it be translated to a set of