php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

soap: Switch to new XML parser option setting API (#20020)

Browse Source 
This API does not require the "global" security workaround.
We also pass some additional options for hardening.
This commit is contained in:
Niels Dossche
2025-10-01 09:45:59 +02:00
committed by GitHub
parent a3f0861f2e
commit 19fc6ed5fb
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ext/soap/php_xml.c
View File

@@ -79,12 +79,15 @@ static xmlDocPtr soap_xmlParse_ex(xmlParserCtxtPtr ctxt)
{ {
xmlDocPtr ret; xmlDocPtr ret;
if (ctxt) { if (ctxt) {
#if LIBXML_VERSION >= 21300
xmlCtxtSetOptions(ctxt, XML_PARSE_HUGE | XML_PARSE_NO_XXE | XML_PARSE_NONET | XML_PARSE_NOBLANKS);
#else
php_libxml_sanitize_parse_ctxt_options(ctxt); php_libxml_sanitize_parse_ctxt_options(ctxt);
/* TODO: In libxml2 2.14.0 change this to the new options API so we don't rely on deprecated APIs. */
ZEND_DIAGNOSTIC_IGNORED_START("-Wdeprecated-declarations") ZEND_DIAGNOSTIC_IGNORED_START("-Wdeprecated-declarations")
ctxt->keepBlanks = 0; ctxt->keepBlanks = 0;
ctxt->options |= XML_PARSE_HUGE; ctxt->options |= XML_PARSE_HUGE;
ZEND_DIAGNOSTIC_IGNORED_END ZEND_DIAGNOSTIC_IGNORED_END
#endif
ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
ctxt->sax->comment = soap_Comment; ctxt->sax->comment = soap_Comment;
ctxt->sax->warning = NULL; ctxt->sax->warning = NULL;