xmllint: external entity problems for directory names containing spaces on the command line
Consider the "
/tmp/a b" directory with files
<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE book [ <!ENTITY preface SYSTEM "preface.xml"> ]> <book> &preface; </book>
<?xml version="1.0" encoding="utf-8"?> <preface> <title>About this document</title> </preface>
From this directory,
xmllint --noent "/tmp/a b/book.xml" succeeds, but not outside of this directory:
$ xmllint --noent "/tmp/a b/book.xml" warning: failed to load external entity "preface.xml" /tmp/a b/book.xml:6: parser error : Failure to process entity preface &preface; ^ /tmp/a b/book.xml:6: parser error : Entity 'preface' not defined &preface; ^
The error disappears if one replaces the space by
xmllint --noent "/tmp/a%20b/book.xml". However,
strace xmllint --noent "/tmp/a%20b/book.xml" shows that
xmllint first tries
/tmp/a%20b/preface.xml before considering
/tmp/a b/book.xml and
/tmp/a b/preface.xml respectively. This means that wrong files may be opened, with possible security implications. Thus this is not a correct workaround.