1. 02 Apr, 2019 1 commit
  2. 29 Mar, 2019 1 commit
    • Nick Wellnhofer's avatar
      Fix security framework bypass · e0355360
      Nick Wellnhofer authored
      xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
      don't check for this condition and allow access. With a specially
      crafted URL, xsltCheckRead could be tricked into returning an error
      because of a supposedly invalid URL that would still be loaded
      succesfully later on.
      Fixes #12.
      Thanks to Felix Wilhelm for the report.
  3. 13 Mar, 2019 2 commits
  4. 20 Feb, 2019 1 commit
    • Nick Wellnhofer's avatar
      Always set context node before calling XPath iterators · 08b62c25
      Nick Wellnhofer authored
      The xmlXPathNext* iterators rely on the XPath context node being set to
      the start node of the iteration. Some parts of the code base like the
      xsl:key functions also leave the context node in an unspecified state.
      Make sure that the context node is reset before invoking the XPath
      iterators. Also backup and restore the context node in
      xsltNumberFormatGetMultipleLevel for good measure.
      This bug could also lead to type confusion and invalid reads in
      connection with namespace nodes.
      Fixes #13. Also see the Chromium bug report:
      Thanks to Nicolas Grégoire for the report.
  5. 15 Feb, 2019 2 commits
  6. 12 Feb, 2019 11 commits
  7. 03 Jan, 2019 1 commit
  8. 21 Nov, 2018 1 commit
    • Nick Wellnhofer's avatar
      Don't cache direct evaluation of patterns with variables · a846514a
      Nick Wellnhofer authored
      The slow pattern matching path in xsltTestCompMatchDirect caches the
      result of evaluating the pattern. But this can't be done if the pattern
      contains variables which could evaluate to different values.
      Only enable the cache for patterns like template matches that don't
      allow variable references. Don't use the cache for "count" and "from"
      patterns in xsl:number.
      A more fine-grained approach would be nice, but most effort should be
      spent on eliminating the slow path completely.
      Thanks to Martin Honnen for the report.
      Fixes #6.
  9. 26 Sep, 2018 1 commit
    • Nick Wellnhofer's avatar
      Move function result RVTs to context variable · 5e16672d
      Nick Wellnhofer authored
      If a variable with a "select" expression calls an EXSLT func:function,
      the context variable must be restored before evaluating the function
      result. This makes sure that the RVTs in the result will be moved to
      the context variable's fragment list when they're released in
      xsltReleaseLocalRVTs or xsltReleaseLocalRVTs.
      Thanks to Nikolai Weibull for the report.
  10. 22 Sep, 2018 1 commit
  11. 31 Aug, 2018 1 commit
  12. 24 Jul, 2018 2 commits
  13. 16 Jan, 2018 2 commits
  14. 29 Nov, 2017 5 commits
  15. 04 Nov, 2017 2 commits
  16. 02 Nov, 2017 3 commits
  17. 31 Oct, 2017 2 commits
  18. 25 Oct, 2017 1 commit