External request lookup order issue

[ietf-svn-bot]

owner:kesara@staff.ietf.org resolution_fixed type_defect | by kesara@staff.ietf.org

---

When processing external request lookups, if the request is not an existing absolute path, xml2rfc must first look at the templates directory then fall back to the source directory.

At the moment when resolving an external resource such as

<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">

resolver logic is already presented with an absolute path like /<source dir absolute path>/rfc2629-xhtml.ent so xml2rfc treats rfc2629-xhtml.ent as an absolute path.

In scenarios where rfc2629-xhtml.ent file exists in the source directory, xml2rfc tries to access that file source directory instead of the rfc2629-xhtml.ent file in templates directory.
This results in a local file access error because by default only files in the template directory can be accessed.

---

Issue migrated from trac:703 at 2022-02-08 07:19:03 +0000

[ietf-svn-bot]

@kesara@staff.ietf.org commented

---

From xml2rfc/parser.py:

              To determine the path, the following algorithm is consulted:

              If REQUEST ends with '.dtd' or '.ent' then
                If REQUEST is an absolute path (local or network) then
                  Return REQUEST
                Else
                  Try TEMPLATE_DIR + REQUEST, otherwise
                  Return SOURCE_DIR + REQUEST
              Else
                If REQUEST doesn't end with '.xml' then
                  append '.xml'
                If REQUEST is an absolute path (local or network) then
                  Return REQUEST
                Else
                  If REQUEST contains intermediate directories then
                    Try each directory in LOCAL_LIB_DIRS + REQUEST, otherwise
                    Try NETWORK + REQUEST
                  Else (REQUEST is simply a filename)
                    [Recursively] Try each directory in LOCAL_LIB_DIRS + REQUEST, otherise
                    Try each explicit (bibxml, bibxml2...) subdirectory in NETWORK + REQUEST

[ietf-svn-bot]

@kesara@staff.ietf.org changed priority from medium to major

[ietf-svn-bot]

@kesara@staff.ietf.org changed status from new to accepted

[ietf-svn-bot]

@kesara@staff.ietf.org changed status from accepted to assigned

[ietf-svn-bot]

@kesara@staff.ietf.org set owner to kesara@staff.ietf.org

[ietf-svn-bot]

@kesara@staff.ietf.org commented

---

The source directory will be allowed by default similar to the templates directory.
This will fix the original issue.

xml2rfc will introduce a new warning when a .ent file is referenced:

<filename> is no longer needed as the special processing of non-ASCII characters has been superseded by direct support for non-ASCII characters in RFCXML.

References:

• https://authors.ietf.org/en/templates-and-schemas#legacy-files

[ietf-svn-bot]

@kesara@staff.ietf.org changed status from assigned to closed

[ietf-svn-bot]

@kesara@staff.ietf.org set resolution to fixed

[ietf-svn-bot]

@kesara@staff.ietf.org commented

---

Fixed in de047a5:

Improve local file lookup

• Add source directory to the allowed list.
• Disallow any files that are on child directories of the source directory.
• Add a warning when for .ent files.

Fixes #703. Commit ready for merge.

[ietf-svn-bot]

@rjsparks@nostrum.com commented

---

Fixed in e5a555c:

Merged in de047a5 from krathnayake@ietf.org:\n Improve local file lookup

• Add source directory to the allowed list.
• Disallow any files that are on child directories of the source directory.
• Add a warning when including .ent files.
  Fixes External request lookup order issue #703.