Switch or's to and's so that the exploit can't be used note that this doesn't fix the issue of invalid XML. SMACK-65

git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@4343 b35dd754-fafc-0310-a699-88a17e54d16e
2006-07-10 18:27:40 +00:00 · 2006-07-10 18:27:40 +00:00 · 639386759a
parent c4168bf3d7
commit 639386759a
1 changed files with 2 additions and 2 deletions
--- a/source/org/jivesoftware/smackx/provider/XHTMLExtensionProvider.java
+++ b/source/org/jivesoftware/smackx/provider/XHTMLExtensionProvider.java
@ -70,12 +70,12 @@ public class XHTMLExtensionProvider implements PacketExtensionProvider {
                    buffer.append(StringUtils.escapeForXML(parser.getText()));
                }
            } else if (eventType == XmlPullParser.END_TAG) {
-                if (parser.getName().equals("body") || parser.getDepth() <= depth) {
+                if (parser.getName().equals("body") && parser.getDepth() <= depth) {
                    buffer.append(parser.getText());
                    xhtmlExtension.addBody(buffer.toString());
                }
                else if (parser.getName().equals(xhtmlExtension.getElementName())
-                        || parser.getDepth() <= startDepth) {
+                        && parser.getDepth() <= startDepth) {
                    done = true;
                }
                else {