diff --git a/core/src/main/java/lucee/runtime/functions/system/GetApplicationSettings.java b/core/src/main/java/lucee/runtime/functions/system/GetApplicationSettings.java
index 2f5cd7e681..71ec7e59af 100644
--- a/core/src/main/java/lucee/runtime/functions/system/GetApplicationSettings.java
+++ b/core/src/main/java/lucee/runtime/functions/system/GetApplicationSettings.java
@@ -89,6 +89,15 @@ public static Struct call(PageContext pc, boolean suppressFunctions) throws Page
 sct.setEL("clientManagement", Caster.toBoolean(ac.isSetClientManagement()));
 sct.setEL("clientStorage", ac.getClientstorage());
 sct.setEL("sessionStorage", ac.getSessionstorage());
+
+ Struct xmlFeatures = acs.getXmlFeatures();
+ if (xmlFeatures == null) xmlFeatures = new StructImpl();
+ Struct sxml = new StructImpl(Struct.TYPE_LINKED);
+ sxml.setEL("secure", Caster.toBoolean(xmlFeatures.get("secure", true)));
+ sxml.setEL("disallowDoctypeDecl", Caster.toBoolean(xmlFeatures.get("disallowDoctypeDecl", true)));
+ sxml.setEL("externalGeneralEntities", Caster.toBoolean(xmlFeatures.get("externalGeneralEntities", false)));
+ sct.setEL("xmlFeatures", sxml);
+
 sct.setEL("customTagPaths", toArray(ac.getCustomTagMappings()));
 sct.setEL("componentPaths", toArray(ac.getComponentMappings()));
 sct.setEL("loginStorage", AppListenerUtil.translateLoginStorage(ac.getLoginStorage()));
diff --git a/test/tickets/LDEV4348.cfc b/test/tickets/LDEV4348.cfc
new file mode 100644
index 0000000000..ac04b5876b
--- /dev/null
+++ b/test/tickets/LDEV4348.cfc
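Review bot: The fallback values in the new xmlFeatures block of GetApplicationSettings.call (`true` for `secure` and `disallowDoctypeDecl`, `false` for `externalGeneralEntities`) are written as literals, so what the function reports for an unset key is only right while it matches the defaults the XML parser setup actually applies, and that code is not visible in this hunk. If the two ever diverge, getApplicationSettings() would show a hardened configuration that is not the one in force, which misleads anyone auditing XXE exposure from this output. I would take the defaults from the same constants the parser code uses, or at minimum add a comment above the block such as `// defaults must stay in sync with the XML parser feature defaults`. The body of `call` starts and ends outside the hunk.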
@@ -0,0 +1,56 @@
+component extends = "org.lucee.cfml.test.LuceeTestCase" labels="xml" {
+ function beforeAll(){
+ variables.uri = createURI("LDEV4348");
+ }
+
+ function run( testresults , testbox ) {
+
+ describe( "check combined xmlFeatures getApplicationSettings", function () {
+
+ it( title="Check xmlFeatures default",body = function ( currentSpec ) {
+ local.result = _InternalRequest(
+ template : "#uri#/LDEV4348.cfm",
+ forms : {
+ scene: "default"
+ }
+ ).filecontent.deserializeJson();
+ expect( result.secure ).toBeTrue();
+ expect( result.disallowDoctypeDecl ).toBeTrue();
+ expect( result.externalGeneralEntities ).toBeFalse();
+ });
+
+ it( title="Check xmlFeatures all secure",body = function ( currentSpec ) {
+ local.result = _InternalRequest(
+ template : "#uri#/LDEV4348.cfm",
+ forms : {
+ scene: "all-secure"
+ }
+ ).filecontent.deserializeJson();
+ expect( result.secure ).toBeTrue();
+ expect( result.disallowDoctypeDecl ).toBeTrue();
+ expect( result.externalGeneralEntities ).toBeFalse();
+ });
+
+ it( title="Check xmlFeatures all insecure, bad xml",body = function ( currentSpec ) {
+ local.result = _InternalRequest(
+ template : "#uri#/LDEV4348.cfm",
+ forms : {
+ scene: "all-insecure"
+ }
+ ).filecontent.deserializeJson();
+ expect( result.secure ).toBeFalse();
+ expect( result.disallowDoctypeDecl ).toBeFalse();
+ expect( result.externalGeneralEntities ).toBeTrue();
+ });
+
+ });
+
+ }
+
+ private string function createURI(string calledName){
+ var baseURI="/test/#listLast(getDirectoryFromPath(getCurrenttemplatepath()),"\/")#/";
+ return baseURI&""&calledName;
+ }
+}
+
+
diff --git a/test/tickets/LDEV4348/Application.cfc b/test/tickets/LDEV4348/Application.cfc
new file mode 100644
index 0000000000..efeafcde28
--- /dev/null
+++ b/test/tickets/LDEV4348/Application.cfc
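Review bot: None of the three scenes in test/tickets/LDEV4348.cfc sets only some of the keys, so the per-key fallback in getApplicationSettings() is exercised only through the fully unset `default` scene. A scene such as `this.xmlFeatures = { "secure": false };`, with expectations that `disallowDoctypeDecl` is still true and `externalGeneralEntities` is still false, would pin the behaviour that matters for a partially configured application; it needs a matching case in the fixture's Application.cfc. The third spec title also says "bad xml" although no XML is parsed anywhere in the test, so either reword the title or add an assertion that actually parses a document.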
@@ -0,0 +1,26 @@
+component {
+ this.name="LDEV4348";
+ param name="FORM.Scene";
+
+ switch (FORM.Scene){
+ case "all-secure":
+ this.xmlFeatures = {
+ "externalGeneralEntities": false,
+ "secure": true,
+ "disallowDoctypeDecl": true
+ };
+ break;
+ case "all-insecure":
+ this.xmlFeatures = {
+ "externalGeneralEntities": true,
+ "secure": false,
+ "disallowDoctypeDecl": false
+ };
+ break;
+ case "default":
+ break;
+ default:
+ throw "unknown scene: #form.scene#";
+ break;
+ }
+}
\ No newline at end of file
diff --git a/test/tickets/LDEV4348/LDEV4348.cfm b/test/tickets/LDEV4348/LDEV4348.cfm
new file mode 100644
index 0000000000..7b3068bc6b
--- /dev/null
+++ b/test/tickets/LDEV4348/LDEV4348.cfm
@@ -0,0 +1,4 @@
+
+ settings = getApplicationSettings();
+ echo( settings.xmlFeatures.toJson() );
+
\ No newline at end of file