Merge pull request #275 from rometools/ROME-234-fetcher-allowdoctypes

#234 Implemented possibility to allow doctype declarations using fetcher

rome-fetcher/src/main/java/com/rometools/fetcher/FeedFetcher.java

@@ -117,4 +117,15 @@ public interface FeedFetcher {
      * corresponding wireEntry property set.
      */
     void setPreserveWireFeed(boolean preserveWireFeed);
+    
+    /**
+     * In ROME 1.5.1 we fixed a security vulnerability by disallowing Doctype declarations by default. 
+     * This change breaks the compatibility with at least RSS 0.91N because it requires a Doctype declaration. 
+     * You are able to allow Doctype declarations again with this property. You should only activate it 
+     * when the feeds that you process are absolutely trustful. 
+     *  
+     * @param allowDoctypes true when Doctype declarations should be allowed again, false otherwise
+     */
+    void setAllowDoctypes(boolean allowDoctypes);
+
 }

rome-fetcher/src/main/java/com/rometools/fetcher/impl/AbstractFeedFetcher.java

@@ -42,6 +42,7 @@ public abstract class AbstractFeedFetcher implements FeedFetcher {
     private String userAgent;
     private boolean usingDeltaEncoding;
     private boolean preserveWireFeed;
+    private boolean allowDoctypes = false;
 
     public AbstractFeedFetcher() {
 
@@ -222,4 +223,13 @@ public abstract class AbstractFeedFetcher implements FeedFetcher {
         this.preserveWireFeed = preserveWireFeed;
     }
 
+    public boolean isAllowDoctypes() {
+        return allowDoctypes;
+    }
+
+    @Override
+    public void setAllowDoctypes(boolean allowDoctypes) {
+        this.allowDoctypes = allowDoctypes;
+    }
+    
 }

rome-fetcher/src/main/java/com/rometools/fetcher/impl/HttpClientFeedFetcher.java

@@ -275,6 +275,7 @@ public class HttpClientFeedFetcher extends AbstractFeedFetcher {
 
             final SyndFeedInput syndFeedInput = new SyndFeedInput();
             syndFeedInput.setPreserveWireFeed(isPreserveWireFeed());
+            syndFeedInput.setAllowDoctypes(isAllowDoctypes());
 
             return syndFeedInput.build(reader);
 

rome-fetcher/src/main/java/com/rometools/fetcher/impl/HttpURLFeedFetcher.java

@@ -280,11 +280,6 @@ public class HttpURLFeedFetcher extends AbstractFeedFetcher {
             is = new BufferedInputStream(inputStream);
         }
 
-        // InputStreamReader reader = new InputStreamReader(is,
-        // ResponseHandler.getCharacterEncoding(connection));
-
-        // SyndFeedInput input = new SyndFeedInput();
-
         final XmlReader reader;
         if (connection.getHeaderField("Content-Type") != null) {
             reader = new XmlReader(is, connection.getHeaderField("Content-Type"), true);
@@ -294,6 +289,7 @@ public class HttpURLFeedFetcher extends AbstractFeedFetcher {
 
         final SyndFeedInput syndFeedInput = new SyndFeedInput();
         syndFeedInput.setPreserveWireFeed(isPreserveWireFeed());
+        syndFeedInput.setAllowDoctypes(isAllowDoctypes());
 
         return syndFeedInput.build(reader);