1--TEST--
2libxml_disable_entity_loader()
3--EXTENSIONS--
4libxml
5dom
6--SKIPIF--
7<?php
8if (LIBXML_VERSION >= 20912) die('skip For libxml2 < 2.9.12 only');
9?>
10--FILE--
11<?php
12
13$xml = <<<EOT
14<?xml version="1.0" encoding="UTF-8"?>
15<!DOCTYPE test [<!ENTITY xxe SYSTEM "XXE_URI">]>
16<foo>&xxe;</foo>
17EOT;
18
19$dir = str_replace('\\', '/', __DIR__);
20$xml = str_replace('XXE_URI', $dir . '/libxml_disable_entity_loader_payload.txt', $xml);
21
22function parseXML($xml) {
23  $doc = new DOMDocument();
24  $doc->resolveExternals = true;
25  $doc->substituteEntities = true;
26  $doc->validateOnParse = false;
27  $doc->loadXML($xml, 0);
28  return $doc->saveXML();
29}
30
31var_dump(strpos(parseXML($xml), 'SECRET_DATA') !== false);
32var_dump(libxml_disable_entity_loader(true));
33var_dump(strpos(parseXML($xml), 'SECRET_DATA') === false);
34
35echo "Done\n";
36?>
37--EXPECTF--
38bool(true)
39
40Deprecated: Function libxml_disable_entity_loader() is deprecated since 8.0, as external entity loading is disabled by default in %s on line %d
41bool(false)
42
43Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "%s" in %s on line %d
44
45Warning: DOMDocument::loadXML(): Failure to process entity xxe in Entity, line: %d in %s on line %d
46
47Warning: DOMDocument::loadXML(): Entity 'xxe' not defined in Entity, line: %d in %s on line %d
48bool(true)
49Done
50