Don't read external entities or XIncludes from stdin
The file input callbacks try to read from stdin if "-" is passed as URL. This should never be done when loading indirect resources like external entities or XIncludes. Unfortunately, the stdin substitution happens deep inside the IO code, so we simply replace "-" with "./-" in specific locations. This issue also affects other users of the library like libxslt. Ideally, stdin should only be substituted on explicit request. But more intrusive changes could break existing code. Closes #90 and #102.
Showing with 12 additions and 0 deletions