From 106079a462535d78cfb42523d19cb6925897ea24 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 10 Oct 2025 00:20:55 +0200
Subject: [PATCH] dom: Switch to new safe option setting API

This API does not suffer from the global issue and does therefore not require a sanitization fixup. The API for XML is available starting from libxml 2.13, the one for HTML since 2.14.
---
 ext/dom/document.c | 10 ++++++++++
 ext/dom/inner_outer_html_mixin.c | 4 ++++
 2 files changed, 14 insertions(+)

diff --git a/ext/dom/document.c b/ext/dom/document.c
index 4447e88cfc5..4d366db08f0 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1448,8 +1448,12 @@ xmlDocPtr dom_document_parser(zval *id, dom_load_mode mode, const char *source,
 options |= XML_PARSE_RECOVER;
 }
+#if LIBXML_VERSION >= 21300
+ xmlCtxtSetOptions(ctxt, options);
+#else
 php_libxml_sanitize_parse_ctxt_options(ctxt);
 xmlCtxtUseOptions(ctxt, options);
+#endif
 if (recover) {
 old_error_reporting = EG(error_reporting);
@@ -2086,10 +2090,16 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 ctxt->sax->error = php_libxml_ctx_error;
 ctxt->sax->warning = php_libxml_ctx_warning;
 }
+#if LIBXML_VERSION >= 21400
+ if (options) {
+ htmlCtxtSetOptions(ctxt, (int)options);
+ }
+#else
 php_libxml_sanitize_parse_ctxt_options(ctxt);
 if (options) {
 htmlCtxtUseOptions(ctxt, (int)options);
 }
+#endif
 htmlParseDocument(ctxt);
 xmlDocPtr newdoc = ctxt->myDoc;
 htmlFreeParserCtxt(ctxt);
diff --git a/ext/dom/inner_outer_html_mixin.c b/ext/dom/inner_outer_html_mixin.c
index eee525cc47a..85124d41689 100644
--- a/ext/dom/inner_outer_html_mixin.c
+++ b/ext/dom/inner_outer_html_mixin.c
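Review bot: The result of `xmlCtxtSetOptions(ctxt, options);` in the new `#if LIBXML_VERSION >= 21300` branch of dom_document_parser is dropped, and libxml2 documents the call as returning 0 on success and the set of unknown or unimplemented options otherwise. Because `options` is supplied by the caller, a flag the linked library does not implement would go unnoticed; checking the result, even only to raise a warning, would surface that. The argument is also narrowed implicitly here while the dom_load_html hunk writes `(int)options`, so one form should be used in both places (the declaration of `options` is outside the hunk). dom_document_parser starts and ends outside the hunk.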
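Review bot: In the `#if LIBXML_VERSION >= 21400` branch of dom_load_html the context is left untouched when `options` is 0, whereas the `#else` branch still runs `php_libxml_sanitize_parse_ctxt_options(ctxt);` unconditionally before its `if (options)` test. If a freshly created HTML context can still inherit flags from libxml's global defaults in 2.14 (not visible from the hunk), the zero-options path loses the reset it had before. Dropping the guard and calling `htmlCtxtSetOptions(ctxt, (int)options);` on every path would keep the reset, assuming the HTML call clears unset options the way the XML one is documented to. dom_load_html starts and ends outside the hunk.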
@@ -291,8 +291,12 @@ static xmlNodePtr dom_xml_fragment_parsing_algorithm(dom_object *obj, const xmlN
 }
 parser->dict = context_node->doc->dict;
+#if LIBXML_VERSION >= 21300
+ xmlCtxtSetOptions(parser, XML_PARSE_IGNORE_ENC | XML_PARSE_NOERROR | XML_PARSE_NOWARNING | XML_PARSE_NO_XXE);
+#else
 php_libxml_sanitize_parse_ctxt_options(parser);
 xmlCtxtUseOptions(parser, XML_PARSE_IGNORE_ENC | XML_PARSE_NOERROR | XML_PARSE_NOWARNING);
+#endif
 xmlCharEncodingHandlerPtr encoding = xmlFindCharEncodingHandler("UTF-8");
 (void) xmlSwitchToEncoding(parser, encoding);
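Review bot: The two branches in dom_xml_fragment_parsing_algorithm no longer request the same parser behaviour: the `#if LIBXML_VERSION >= 21300` call adds `XML_PARSE_NO_XXE`, while the `#else` call passes only the three original flags, and nothing in the hunk says why. A comment above the `#if` would make the asymmetry deliberate, for example `/* XML_PARSE_NO_XXE is only available from libxml 2.13; older builds rely on the sanitize call and on not requesting entity substitution or DTD loading. */`, adjusted to the actual reasoning. The commit message describes a pure API switch, so the extra hardening flag deserves a mention there as well. The function starts and ends outside the hunk.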