From 1b98f38cfac2ac6caa7f178f70bcd9c5f74f16a4 Mon Sep 17 00:00:00 2001 From: Stephan Bergmann Date: Mon, 31 Oct 2016 13:07:31 +0100 Subject: css.xml.sax.XAttributeList is broken by design In the Java interface it was reportedly copied from, getValue can return null to indicate a missing attribute, but in UNOIDL that's not possible. The workaround that implementations of the UNOIDL interface resorted to is apparently to return an empty string (another option would have been to throw an exception). But the code in xmlsecurity appears to be written under the ill assumption that getValueByName would return null for a missing attribute. What the code as written actually did check was whether the return value is an empty string (because it picks the operator ==(OUString const &, sal_Unicode const *) overload, which happens to treat a null second argument like an empty string). Ideally, the code in xmlsecurity would have some way to tell a missing attribute from an empty one (via some extended XAttributeList2, or by iterating over all getNameByIndex, or ...). But for none of the affected attributes it seems expected that the attribute's value could be an empty string, so checking for an empty string seems to work reasonably well in practice. So keep it simple and just check for an empty string properly. Thanks to Tor for spotting that odd xmlsecurity code. Change-Id: Ib068ee98ef818683a43309ab4d7c3a4731e8deff --- xmlsecurity/source/helper/xsecparser.cxx | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'xmlsecurity') diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx index ddc689a63793..ed3f0ff5ac35 100644 --- a/xmlsecurity/source/helper/xsecparser.cxx +++ b/xmlsecurity/source/helper/xsecparser.cxx @@ -46,7 +46,7 @@ OUString XSecParser::getIdAttr(const cssu::Reference< cssxs::XAttributeList >& x { OUString ouIdAttr = xAttribs->getValueByName("id"); - if (ouIdAttr == nullptr) + if (ouIdAttr.isEmpty()) { ouIdAttr = xAttribs->getValueByName("Id"); } @@ -91,7 +91,7 @@ void SAL_CALL XSecParser::startElement( try { OUString ouIdAttr = getIdAttr(xAttribs); - if (ouIdAttr != nullptr) + if (!ouIdAttr.isEmpty()) { m_pXSecController->collectToVerify( ouIdAttr ); } @@ -99,7 +99,7 @@ void SAL_CALL XSecParser::startElement( if ( aName == "Signature" ) { m_pXSecController->addSignature(); - if (ouIdAttr != nullptr) + if (!ouIdAttr.isEmpty()) { m_pXSecController->setId( ouIdAttr ); } @@ -107,8 +107,7 @@ void SAL_CALL XSecParser::startElement( else if ( aName == "Reference" ) { OUString ouUri = xAttribs->getValueByName("URI"); - SAL_WARN_IF( ouUri == nullptr, "xmlsecurity.helper", "URI == NULL" ); - + SAL_WARN_IF( ouUri.isEmpty(), "xmlsecurity.helper", "URI == NULL" ); if (ouUri.startsWith("#")) { /* @@ -131,7 +130,7 @@ void SAL_CALL XSecParser::startElement( { OUString ouAlgorithm = xAttribs->getValueByName("Algorithm"); - if (ouAlgorithm != nullptr && ouAlgorithm == ALGO_C14N) + if (ouAlgorithm == ALGO_C14N) /* * a xml stream */ @@ -168,7 +167,7 @@ void SAL_CALL XSecParser::startElement( } else if ( aName == "SignatureProperty" ) { - if (ouIdAttr != nullptr) + if (!ouIdAttr.isEmpty()) { m_pXSecController->setPropertyId( ouIdAttr ); } -- cgit