DTD prohibited error in M-Files 2018 file sources
Posted by Henri Huhtamäki (M-Files) on 31 January 2019 03:05 PM

Overview

M-Files 2018 prohibits the use of DTD references in XML when importing files from an external file source and reading metadata from an accompanying XML file.

 

Impacted Products and Versions

M-Files version 2018 onwards.

 

Symptoms

When importing an object from a file source and reading metadata from an accompanying XML file that references a DTD, the object is imported but the metadata mappings are skipped.

 

Sample Case

An example XML file. The DOCTYPE declaration is the reference to the DTD.

Test.xml: 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE note SYSTEM "Note.dtd">
<note>
<to>Tove</to>
<from>Jani</from>
<heading>Reminder</heading>
<body>Don't forget me this weekend!</body>
</note>

 

A file source is set up to read metadata from Test.xml. Files will be imported from the file source but the property mappings from XML will be skipped.

 

The import writes an error to the Windows event log:

 

Loading the XML file "C:\XML\test.xml" failed.

XML parsing error:

Code 0xc00ce584, line 2, char 11

DTD is prohibited.

 

ExternalFileMonitor.cpp, 6837, Loading the XML file "C:\Tickets\XML\test3.xml" failed. (0x800400E1)

ExternalFileMonitor.cpp, 6890, Loading the XML file "C:\Tickets\XML\test3.xml" failed. (0x800400E1)

ExternalFileMonitor.cpp, 6890, XML parsing error:

Code 0xc00ce584, line 2, char 11

DTD is prohibited. (0x800400E2)

 

Cause and Reason

M-Files 2015.3 uses MSXML 3.0, but M-Files 2018 uses MSXML 6.0. In MSXML 6.0 the "ProhibitDTD" property is set to "True" by default because processing DTDs has security implications.

DTDs can be used to mount an attack against the XML parser on the computer.

For an example of such an attack, see the Wikipedia page on the billion laughs attack: https://en.wikipedia.org/wiki/Billion_laughs_attack

 

Solution / Workaround

Remove the DTD reference from the XML before using it in an import. This requires some programmatic preprocessing of the XML files.

There is an improvement suggestion to M-Files R&D to make the DTD prohibition configurable.
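
One way to do the preprocessing described above, as an added example that is not M-Files code: a Python function (the name strip_doctype is hypothetical) that removes the DOCTYPE declaration, including any internal subset, and refuses documents whose named entities depended on the DTD. It works on already decoded text; reading and rewriting the files in the file source folder is left to the caller.

```python
import re

# Leading part of an XML document: optional BOM, XML declaration, comments, PIs.
PROLOG = re.compile(r"\ufeff?(?:\s|<\?.*?\?>|<!--.*?-->)*", re.S)
# Named entity references; character references such as &#10; do not match.
ENTITY_REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # valid without any DTD


def strip_doctype(xml_text):
    """Return xml_text without its DOCTYPE declaration; raise ValueError if it is
    unterminated or if named entities in the document depend on the removed DTD."""
    start = PROLOG.match(xml_text).end()
    if not xml_text.startswith("<!DOCTYPE", start):
        return xml_text                       # nothing to remove
    i, depth, quote = start + len("<!DOCTYPE"), 0, None
    while i < len(xml_text):
        ch = xml_text[i]
        if quote:                             # inside a quoted literal
            quote = None if ch == quote else quote
        elif xml_text.startswith("<!--", i):  # comment in the internal subset
            end = xml_text.find("-->", i + 4)
            if end == -1:
                break
            i = end + 2
        elif ch in "\"'":
            quote = ch
        elif ch == "[":                       # internal subset opens
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == ">" and depth == 0:        # end of the declaration
            tail = re.sub(r"\A[ \t]*\r?\n", "", xml_text[i + 1:])
            result = xml_text[:start] + tail
            # Conservative: a match inside CDATA or a comment also counts.
            custom = set(ENTITY_REF.findall(result)) - PREDEFINED
            if custom:
                raise ValueError("entities need the DTD: %s" % sorted(custom))
            return result
        i += 1
    raise ValueError("unterminated DOCTYPE declaration")


# Shortened copy of the article's Test.xml, used as sample input.
SAMPLE = ('<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE note SYSTEM "Note.dtd">\n'
          '<note>\n<to>Tove</to>\n</note>\n')
if __name__ == "__main__":
    print(strip_doctype(SAMPLE))
```

Documents that raise ValueError should be set aside for review rather than imported with their entities unresolved.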
