nokogiri 1.5.10 → 1.10.4

data/lib/nokogiri/xml/searchable.rb

@@ -0,0 +1,230 @@
+module Nokogiri
+  module XML
+    #
+    #  The Searchable module declares the interface used for searching your DOM.
+    #
+    #  It implements the public methods `search`, `css`, and `xpath`,
+    #  as well as allowing specific implementations to specialize some
+    #  of the important behaviors.
+    #
+    module Searchable
+      # Regular expression used by Searchable#search to determine if a query
+      # string is CSS or XPath
+      LOOKS_LIKE_XPATH = /^(\.\/|\/|\.\.|\.$)/
+      
+      ###
+      # call-seq: search *paths, [namespace-bindings, xpath-variable-bindings, custom-handler-class]
+      #
+      # Search this object for +paths+. +paths+ must be one or more XPath or CSS queries:
+      #
+      #   node.search("div.employee", ".//title")
+      #
+      # A hash of namespace bindings may be appended:
+      #
+      #   node.search('.//bike:tire', {'bike' => 'http://schwinn.com/'})
+      #   node.search('bike|tire', {'bike' => 'http://schwinn.com/'})
+      #
+      # For XPath queries, a hash of variable bindings may also be
+      # appended to the namespace bindings. For example:
+      #
+      #   node.search('.//address[@domestic=$value]', nil, {:value => 'Yes'})
+      #
+      # Custom XPath functions and CSS pseudo-selectors may also be
+      # defined. To define custom functions create a class and
+      # implement the function you want to define.  The first argument
+      # to the method will be the current matching NodeSet.  Any other
+      # arguments are ones that you pass in.  Note that this class may
+      # appear anywhere in the argument list.  For example:
+      #
+      #   node.search('.//title[regex(., "\w+")]', 'div.employee:regex("[0-9]+")'
+      #     Class.new {
+      #       def regex node_set, regex
+      #         node_set.find_all { |node| node['some_attribute'] =~ /#{regex}/ }
+      #       end
+      #     }.new
+      #   )
+      #
+      # See Searchable#xpath and Searchable#css for further usage help.
+      def search *args
+        paths, handler, ns, binds = extract_params(args)
+
+        xpaths = paths.map(&:to_s).map do |path|
+          (path =~ LOOKS_LIKE_XPATH) ? path : xpath_query_from_css_rule(path, ns)
+        end.flatten.uniq
+
+        xpath(*(xpaths + [ns, handler, binds].compact))
+      end
+      alias :/ :search
+
+      ###
+      # call-seq: search *paths, [namespace-bindings, xpath-variable-bindings, custom-handler-class]
+      #
+      # Search this object for +paths+, and return only the first
+      # result. +paths+ must be one or more XPath or CSS queries.
+      #
+      # See Searchable#search for more information.
+      def at *args
+        search(*args).first
+      end
+      alias :% :at
+
+      ###
+      # call-seq: css *rules, [namespace-bindings, custom-pseudo-class]
+      #
+      # Search this object for CSS +rules+. +rules+ must be one or more CSS
+      # selectors. For example:
+      #
+      #   node.css('title')
+      #   node.css('body h1.bold')
+      #   node.css('div + p.green', 'div#one')
+      #
+      # A hash of namespace bindings may be appended. For example:
+      #
+      #   node.css('bike|tire', {'bike' => 'http://schwinn.com/'})
+      #
+      # Custom CSS pseudo classes may also be defined.  To define
+      # custom pseudo classes, create a class and implement the custom
+      # pseudo class you want defined.  The first argument to the
+      # method will be the current matching NodeSet.  Any other
+      # arguments are ones that you pass in.  For example:
+      #
+      #   node.css('title:regex("\w+")', Class.new {
+      #     def regex node_set, regex
+      #       node_set.find_all { |node| node['some_attribute'] =~ /#{regex}/ }
+      #     end
+      #   }.new)
+      #
+      # Note that the CSS query string is case-sensitive with regards
+      # to your document type. That is, if you're looking for "H1" in
+      # an HTML document, you'll never find anything, since HTML tags
+      # will match only lowercase CSS queries. However, "H1" might be
+      # found in an XML document, where tags names are case-sensitive
+      # (e.g., "H1" is distinct from "h1").
+      #
+      def css *args
+        rules, handler, ns, _ = extract_params(args)
+
+        css_internal self, rules, handler, ns
+      end
+
+      ##
+      # call-seq: css *rules, [namespace-bindings, custom-pseudo-class]
+      #
+      # Search this object for CSS +rules+, and return only the first
+      # match. +rules+ must be one or more CSS selectors.
+      #
+      # See Searchable#css for more information.
+      def at_css *args
+        css(*args).first
+      end
+
+      ###
+      # call-seq: xpath *paths, [namespace-bindings, variable-bindings, custom-handler-class]
+      #
+      # Search this node for XPath +paths+. +paths+ must be one or more XPath
+      # queries.
+      #
+      #   node.xpath('.//title')
+      #
+      # A hash of namespace bindings may be appended. For example:
+      #
+      #   node.xpath('.//foo:name', {'foo' => 'http://example.org/'})
+      #   node.xpath('.//xmlns:name', node.root.namespaces)
+      #
+      # A hash of variable bindings may also be appended to the namespace bindings. For example:
+      #
+      #   node.xpath('.//address[@domestic=$value]', nil, {:value => 'Yes'})
+      #
+      # Custom XPath functions may also be defined.  To define custom
+      # functions create a class and implement the function you want
+      # to define.  The first argument to the method will be the
+      # current matching NodeSet.  Any other arguments are ones that
+      # you pass in.  Note that this class may appear anywhere in the
+      # argument list.  For example:
+      #
+      #   node.xpath('.//title[regex(., "\w+")]', Class.new {
+      #     def regex node_set, regex
+      #       node_set.find_all { |node| node['some_attribute'] =~ /#{regex}/ }
+      #     end
+      #   }.new)
+      #
+      def xpath *args
+        paths, handler, ns, binds = extract_params(args)
+
+        xpath_internal self, paths, handler, ns, binds
+      end
+
+      ##
+      # call-seq: xpath *paths, [namespace-bindings, variable-bindings, custom-handler-class]
+      #
+      # Search this node for XPath +paths+, and return only the first
+      # match. +paths+ must be one or more XPath queries.
+      #
+      # See Searchable#xpath for more information.
+      def at_xpath *args
+        xpath(*args).first
+      end
+
+      private
+
+      def css_internal node, rules, handler, ns
+        xpath_internal node, css_rules_to_xpath(rules, ns), handler, ns, nil
+      end
+
+      def xpath_internal node, paths, handler, ns, binds
+        document = node.document
+        return NodeSet.new(document) unless document
+
+        if paths.length == 1
+          return xpath_impl(node, paths.first, handler, ns, binds)
+        end
+
+        NodeSet.new(document) do |combined|
+          paths.each do |path|
+            xpath_impl(node, path, handler, ns, binds).each { |set| combined << set }
+          end
+        end
+      end
+
+      def xpath_impl node, path, handler, ns, binds
+        ctx = XPathContext.new(node)
+        ctx.register_namespaces(ns)
+        path = path.gsub(/xmlns:/, ' :') unless Nokogiri.uses_libxml?
+
+        binds.each do |key,value|
+          ctx.register_variable key.to_s, value
+        end if binds
+
+        ctx.evaluate(path, handler)
+      end
+
+      def css_rules_to_xpath(rules, ns)
+        rules.map { |rule| xpath_query_from_css_rule(rule, ns) }
+      end
+
+      def xpath_query_from_css_rule rule, ns
+        self.class::IMPLIED_XPATH_CONTEXTS.map do |implied_xpath_context|
+          CSS.xpath_for(rule.to_s, :prefix => implied_xpath_context, :ns => ns)
+        end.join(' | ')
+      end
+
+      def extract_params params # :nodoc:
+        handler = params.find do |param|
+          ![Hash, String, Symbol].include?(param.class)
+        end
+        params -= [handler] if handler
+
+        hashes = []
+        while Hash === params.last || params.last.nil?
+          hashes << params.pop
+          break if params.empty?
+        end
+        ns, binds = hashes.reverse
+
+        ns ||= document.root ? document.root.namespaces : {}
+
+        [params, handler, ns, binds]
+      end
+    end
+  end
+end

data/lib/nokogiri/xml/syntax_error.rb

@@ -40,7 +40,30 @@ module Nokogiri
       end
 
       def to_s
-        super.chomp
+        message = super.chomp
+        [location_to_s, level_to_s, message].
+          compact.join(": ").
+          force_encoding(message.encoding)
+      end
+
+      private
+
+      def level_to_s
+        case level
+        when 3 then "FATAL"
+        when 2 then "ERROR"
+        when 1 then "WARNING"
+        else nil
+        end
+      end
+
+      def nil_or_zero?(attribute)
+        attribute.nil? || attribute.zero?
+      end
+
+      def location_to_s
+        return nil if nil_or_zero?(line) && nil_or_zero?(column)
+        "#{line}:#{column}"
       end
     end
   end

data/lib/nokogiri/xml.rb

@@ -1,6 +1,7 @@
 require 'nokogiri/xml/pp'
 require 'nokogiri/xml/parse_options'
 require 'nokogiri/xml/sax'
+require 'nokogiri/xml/searchable'
 require 'nokogiri/xml/node'
 require 'nokogiri/xml/attribute_decl'
 require 'nokogiri/xml/element_decl'
@@ -22,6 +23,7 @@ require 'nokogiri/xml/builder'
 require 'nokogiri/xml/reader'
 require 'nokogiri/xml/notation'
 require 'nokogiri/xml/entity_decl'
+require 'nokogiri/xml/entity_reference'
 require 'nokogiri/xml/schema'
 require 'nokogiri/xml/relax_ng'
 
@@ -47,7 +49,7 @@ module Nokogiri
       # Nokogiri::XML::Reader for mor information
       def Reader string_or_io, url = nil, encoding = nil, options = ParseOptions::STRICT
 
-        options = Nokogiri::XML::ParseOptions.new(options) if Fixnum === options
+        options = Nokogiri::XML::ParseOptions.new(options) if Integer === options
         # Give the options to the user
         yield options if block_given?
 

data/lib/nokogiri.rb

@@ -2,9 +2,6 @@
 # Modify the PATH on windows so that the external DLLs will get loaded.
 
 require 'rbconfig'
-ENV['PATH'] = [File.expand_path(
-  File.join(File.dirname(__FILE__), "..", "ext", "nokogiri")
-), ENV['PATH']].compact.join(';') if RbConfig::CONFIG['host_os'] =~ /(mswin|mingw)/i
 
 if defined?(RUBY_ENGINE) && RUBY_ENGINE == "jruby"
   # The line below caused a problem on non-GAE rack environment.
@@ -13,7 +10,7 @@ if defined?(RUBY_ENGINE) && RUBY_ENGINE == "jruby"
   # However, simply cutting defined?(JRuby::Rack::VERSION) off resulted in
   # an unable-to-load-nokogiri problem. Thus, now, Nokogiri checks the presense
   # of appengine-rack.jar in $LOAD_PATH. If Nokogiri is on GAE, Nokogiri
-  # should skip loading xml jars. This is because those are in WEB-INF/lib and 
+  # should skip loading xml jars. This is because those are in WEB-INF/lib and
   # already set in the classpath.
   unless $LOAD_PATH.to_s.include?("appengine-rack")
     require 'stringio'
@@ -22,10 +19,18 @@ if defined?(RUBY_ENGINE) && RUBY_ENGINE == "jruby"
     require 'nekohtml.jar'
     require 'nekodtd.jar'
     require 'xercesImpl.jar'
+    require 'serializer.jar'
+    require 'xalan.jar'
+    require 'xml-apis.jar'
   end
 end
 
-require 'nokogiri/nokogiri'
+begin
+  RUBY_VERSION =~ /(\d+\.\d+)/
+  require "nokogiri/#{$1}/nokogiri"
+rescue LoadError
+  require 'nokogiri/nokogiri'
+end
 require 'nokogiri/version'
 require 'nokogiri/syntax_error'
 require 'nokogiri/xml'
@@ -36,7 +41,8 @@ require 'nokogiri/css'
 require 'nokogiri/html/builder'
 
 # Nokogiri parses and searches XML/HTML very quickly, and also has
-# correctly implemented CSS3 selector support as well as XPath support.
+# correctly implemented CSS3 selector support as well as XPath 1.0
+# support.
 #
 # Parsing a document returns either a Nokogiri::XML::Document, or a
 # Nokogiri::HTML::Document depending on the kind of document you parse.
@@ -58,27 +64,26 @@ require 'nokogiri/html/builder'
 #     puts link.content
 #   end
 #
-# See Nokogiri::XML::Node#css for more information about CSS searching.
-# See Nokogiri::XML::Node#xpath for more information about XPath searching.
+# See Nokogiri::XML::Searchable#css for more information about CSS searching.
+# See Nokogiri::XML::Searchable#xpath for more information about XPath searching.
 module Nokogiri
   class << self
     ###
     # Parse an HTML or XML document.  +string+ contains the document.
     def parse string, url = nil, encoding = nil, options = nil
-      doc =
-        if string.respond_to?(:read) ||
-          string =~ /^\s*<[^Hh>]*html/i # Probably html
-          Nokogiri.HTML(
-            string,
-            url,
-            encoding, options || XML::ParseOptions::DEFAULT_HTML
-          )
-        else
-          Nokogiri.XML(string, url, encoding,
-                        options || XML::ParseOptions::DEFAULT_XML)
-        end
-      yield doc if block_given?
-      doc
+      if string.respond_to?(:read) ||
+          /^\s*<(?:!DOCTYPE\s+)?html[\s>]/i === string[0, 512]
+        # Expect an HTML indicator to appear within the first 512
+        # characters of a document. (<?xml ?> + <?xml-stylesheet ?>
+        # shouldn't be that long)
+        Nokogiri.HTML(string, url, encoding,
+          options || XML::ParseOptions::DEFAULT_HTML)
+      else
+        Nokogiri.XML(string, url, encoding,
+          options || XML::ParseOptions::DEFAULT_XML)
+      end.tap { |doc|
+        yield doc if block_given?
+      }
     end
 
     ###
@@ -109,7 +114,19 @@ module Nokogiri
     def Slop(*args, &block)
       Nokogiri(*args, &block).slop!
     end
+
+    def install_default_aliases
+      # Make sure to support some popular encoding aliases not known by
+      # all iconv implementations.
+      {
+        'Windows-31J' => 'CP932',	# Windows-31J is the IANA registered name of CP932.
+      }.each { |alias_name, name|
+        EncodingHandler.alias(name, alias_name) if EncodingHandler[alias_name].nil?
+      }
+    end
   end
+
+  Nokogiri.install_default_aliases
 end
 
 ###
@@ -120,8 +137,7 @@ end
 # To specify the type of document, use Nokogiri.XML or Nokogiri.HTML.
 def Nokogiri(*args, &block)
   if block_given?
-    builder = Nokogiri::HTML::Builder.new(&block)
-    return builder.doc.root
+    Nokogiri::HTML::Builder.new(&block).doc.root
   else
     Nokogiri.parse(*args)
   end

data/patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch

@@ -0,0 +1,78 @@
+From c5538465c08a8ea248a370bf55bc39cd3385e4af Mon Sep 17 00:00:00 2001
+From: Mike Dalessio <mike.dalessio@gmail.com>
+Date: Thu, 29 Mar 2018 14:09:00 -0400
+Subject: [PATCH] Revert "Do not URI escape in server side includes"
+
+This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.
+---
+ HTMLtree.c | 49 +++++++++++--------------------------------------
+ 1 file changed, 11 insertions(+), 38 deletions(-)
+
+diff --git a/HTMLtree.c b/HTMLtree.c
+index 2fd0c9c..67160c5 100644
+--- a/HTMLtree.c
++++ b/HTMLtree.c
+@@ -717,49 +717,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
+ 		 (!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
+ 		 ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
+ 		  (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
++		xmlChar *escaped;
+ 		xmlChar *tmp = value;
+-		/* xmlURIEscapeStr() escapes '"' so it can be safely used. */
+-		xmlBufCCat(buf->buffer, "\"");
+ 
+ 		while (IS_BLANK_CH(*tmp)) tmp++;
+ 
+-		/* URI Escape everything, except server side includes. */
+-		for ( ; ; ) {
+-		    xmlChar *escaped;
+-		    xmlChar endChar;
+-		    xmlChar *end = NULL;
+-		    xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
+-		    if (start != NULL) {
+-			end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
+-			if (end != NULL) {
+-			    *start = '\0';
+-			}
+-		    }
+-
+-		    /* Escape the whole string, or until start (set to '\0'). */
+-		    escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
+-		    if (escaped != NULL) {
+-		        xmlBufCat(buf->buffer, escaped);
+-		        xmlFree(escaped);
+-		    } else {
+-		        xmlBufCat(buf->buffer, tmp);
+-		    }
+-
+-		    if (end == NULL) { /* Everything has been written. */
+-			break;
+-		    }
+-
+-		    /* Do not escape anything within server side includes. */
+-		    *start = '<'; /* Restore the first character of "<!--". */
+-		    end += 3; /* strlen("-->") */
+-		    endChar = *end;
+-		    *end = '\0';
+-		    xmlBufCat(buf->buffer, start);
+-		    *end = endChar;
+-		    tmp = end;
++		/*
++		 * the < and > have already been escaped at the entity level
++		 * And doing so here breaks server side includes
++		 */
++		escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
++		if (escaped != NULL) {
++		    xmlBufWriteQuotedString(buf->buffer, escaped);
++		    xmlFree(escaped);
++		} else {
++		    xmlBufWriteQuotedString(buf->buffer, value);
+ 		}
+-
+-		xmlBufCCat(buf->buffer, "\"");
+ 	    } else {
+ 		xmlBufWriteQuotedString(buf->buffer, value);
+ 	    }
+-- 
+2.9.5
+

data/patches/libxml2/0002-Remove-script-macro-support.patch

@@ -0,0 +1,40 @@
+From 27e4aa8d885e47a296ea78d114dbbe8fc7aa3508 Mon Sep 17 00:00:00 2001
+From: Kevin Solorio <soloriok@gmail.com>
+Date: Fri, 1 Feb 2019 14:32:42 -0800
+Subject: [PATCH] Revert-support-html-h-b-7-1
+
+---
+ entities.c | 17 -----------------
+ 1 file changed, 17 deletions(-)
+
+diff --git a/entities.c b/entities.c
+index 43549bc5..82652f6d 100644
+--- a/entities.c
++++ b/entities.c
+@@ -623,23 +623,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
+ 	    *out++ = 't';
+ 	    *out++ = ';';
+ 	} else if (*cur == '&') {
+-	    /*
+-	     * Special handling of &{...} construct from HTML 4, see
+-	     * http://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1
+-	     */
+-	    if (html && attr && (cur[1] == '{') &&
+-	        (strchr((const char *) cur, '}'))) {
+-	        while (*cur != '}') {
+-		    *out++ = *cur++;
+-		    indx = out - buffer;
+-		    if (indx + 100 > buffer_size) {
+-			growBufferReentrant();
+-			out = &buffer[indx];
+-		    }
+-		}
+-		*out++ = *cur++;
+-		continue;
+-	    }
+ 	    *out++ = '&';
+ 	    *out++ = 'a';
+ 	    *out++ = 'm';
+-- 
+2.16.2
+

data/patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch

@@ -0,0 +1,44 @@
+From ffc08467744bd2305d41ca882c37fa30adf3a067 Mon Sep 17 00:00:00 2001
+From: Kevin Solorio <soloriok@gmail.com>
+Date: Wed, 27 Feb 2019 14:34:17 -0800
+Subject: [PATCH 2/2] update entities.c to remove handling of ssi
+
+---
+ entities.c | 21 ---------------------
+ 1 file changed, 21 deletions(-)
+
+diff --git a/entities.c b/entities.c
+index 43549bc5..5c4a2a60 100644
+--- a/entities.c
++++ b/entities.c
+@@ -592,27 +592,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
+ 	 * By default one have to encode at least '<', '>', '"' and '&' !
+ 	 */
+ 	if (*cur == '<') {
+-	    const xmlChar *end;
+-
+-	    /*
+-	     * Special handling of server side include in HTML attributes
+-	     */
+-	    if (html && attr &&
+-	        (cur[1] == '!') && (cur[2] == '-') && (cur[3] == '-') &&
+-	        ((end = xmlStrstr(cur, BAD_CAST "-->")) != NULL)) {
+-	        while (cur != end) {
+-		    *out++ = *cur++;
+-		    indx = out - buffer;
+-		    if (indx + 100 > buffer_size) {
+-			growBufferReentrant();
+-			out = &buffer[indx];
+-		    }
+-		}
+-		*out++ = *cur++;
+-		*out++ = *cur++;
+-		*out++ = *cur++;
+-		continue;
+-	    }
+ 	    *out++ = '&';
+ 	    *out++ = 'l';
+ 	    *out++ = 't';
+-- 
+2.16.2
+

data/patches/libxslt/0001-Fix-security-framework-bypass.patch

@@ -0,0 +1,120 @@
+From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 24 Mar 2019 09:51:39 +0100
+Subject: [PATCH] Fix security framework bypass
+
+xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
+don't check for this condition and allow access. With a specially
+crafted URL, xsltCheckRead could be tricked into returning an error
+because of a supposedly invalid URL that would still be loaded
+succesfully later on.
+
+Fixes #12.
+
+Thanks to Felix Wilhelm for the report.
+---
+ libxslt/documents.c | 18 ++++++++++--------
+ libxslt/imports.c   |  9 +++++----
+ libxslt/transform.c |  9 +++++----
+ libxslt/xslt.c      |  9 +++++----
+ 4 files changed, 25 insertions(+), 20 deletions(-)
+
+diff --git a/libxslt/documents.c b/libxslt/documents.c
+index 3f3a731..4aad11b 100644
+--- a/libxslt/documents.c
++++ b/libxslt/documents.c
+@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
+ 	int res;
+ 
+ 	res = xsltCheckRead(ctxt->sec, ctxt, URI);
+-	if (res == 0) {
+-	    xsltTransformError(ctxt, NULL, NULL,
+-		 "xsltLoadDocument: read rights for %s denied\n",
+-			     URI);
++	if (res <= 0) {
++            if (res == 0)
++                xsltTransformError(ctxt, NULL, NULL,
++                     "xsltLoadDocument: read rights for %s denied\n",
++                                 URI);
+ 	    return(NULL);
+ 	}
+     }
+@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
+ 	int res;
+ 
+ 	res = xsltCheckRead(sec, NULL, URI);
+-	if (res == 0) {
+-	    xsltTransformError(NULL, NULL, NULL,
+-		 "xsltLoadStyleDocument: read rights for %s denied\n",
+-			     URI);
++	if (res <= 0) {
++            if (res == 0)
++                xsltTransformError(NULL, NULL, NULL,
++                     "xsltLoadStyleDocument: read rights for %s denied\n",
++                                 URI);
+ 	    return(NULL);
+ 	}
+     }
+diff --git a/libxslt/imports.c b/libxslt/imports.c
+index 874870c..3783b24 100644
+--- a/libxslt/imports.c
++++ b/libxslt/imports.c
+@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
+ 	int secres;
+ 
+ 	secres = xsltCheckRead(sec, NULL, URI);
+-	if (secres == 0) {
+-	    xsltTransformError(NULL, NULL, NULL,
+-		 "xsl:import: read rights for %s denied\n",
+-			     URI);
++	if (secres <= 0) {
++            if (secres == 0)
++                xsltTransformError(NULL, NULL, NULL,
++                     "xsl:import: read rights for %s denied\n",
++                                 URI);
+ 	    goto error;
+ 	}
+     }
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 1379391..0636dbd 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
+      */
+     if (ctxt->sec != NULL) {
+ 	ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
+-	if (ret == 0) {
+-	    xsltTransformError(ctxt, NULL, inst,
+-		 "xsltDocumentElem: write rights for %s denied\n",
+-			     filename);
++	if (ret <= 0) {
++            if (ret == 0)
++                xsltTransformError(ctxt, NULL, inst,
++                     "xsltDocumentElem: write rights for %s denied\n",
++                                 filename);
+ 	    xmlFree(URL);
+ 	    xmlFree(filename);
+ 	    return;
+diff --git a/libxslt/xslt.c b/libxslt/xslt.c
+index 780a5ad..a234eb7 100644
+--- a/libxslt/xslt.c
++++ b/libxslt/xslt.c
+@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
+ 	int res;
+ 
+ 	res = xsltCheckRead(sec, NULL, filename);
+-	if (res == 0) {
+-	    xsltTransformError(NULL, NULL, NULL,
+-		 "xsltParseStylesheetFile: read rights for %s denied\n",
+-			     filename);
++	if (res <= 0) {
++            if (res == 0)
++                xsltTransformError(NULL, NULL, NULL,
++                     "xsltParseStylesheetFile: read rights for %s denied\n",
++                                 filename);
+ 	    return(NULL);
+ 	}
+     }
+-- 
+2.17.1
+