Skip to content

Commit 8e17793

Browse files
tvdijentvdijen
committed
Make LibXML options configurable
1 parent 6292442 commit 8e17793

1 file changed

Lines changed: 15 additions & 12 deletions

File tree

src/DOMDocumentFactory.php

Lines changed: 15 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,6 @@
1010
use SimpleSAML\XML\Exception\RuntimeException;
1111
use SimpleSAML\XML\Exception\UnparseableXMLException;
1212

13-
use function defined;
1413
use function file_get_contents;
1514
use function libxml_clear_errors;
1615
use function libxml_get_last_error;
@@ -23,14 +22,23 @@
2322
*/
2423
final class DOMDocumentFactory
2524
{
25+
/**
26+
* @var non-negative-int
27+
* TODO: Add LIBXML_NO_XXE to the defaults when PHP 8.4.0 + libxml 2.13.0 become generally available
28+
*/
29+
public const DEFAULT_OPTIONS = LIBXML_COMPACT | LIBXML_NONET | LIBXML_NSCLEAN;
30+
31+
2632
/**
2733
* @param string $xml
28-
* @param non-empty-string $xml
34+
* @param non-negative-int $options
2935
*
3036
* @return \DOMDocument
3137
*/
32-
public static function fromString(string $xml): DOMDocument
33-
{
38+
public static function fromString(
39+
string $xml,
40+
int $options = self::DEFAULT_OPTIONS,
41+
): DOMDocument {
3442
libxml_set_external_entity_loader(null);
3543
Assert::notWhitespaceOnly($xml);
3644
Assert::notRegex(
@@ -44,12 +52,6 @@ public static function fromString(string $xml): DOMDocument
4452
libxml_clear_errors();
4553

4654
$domDocument = self::create();
47-
/** @TODO: LIBXML_NO_XXE is available as of PHP 8.4 */
48-
$options = LIBXML_NONET | LIBXML_PARSEHUGE /* | LIBXML_NO_XXE */;
49-
if (defined('LIBXML_COMPACT')) {
50-
$options |= LIBXML_COMPACT;
51-
}
52-
5355
$loaded = $domDocument->loadXML($xml, $options);
5456

5557
libxml_use_internal_errors($internalErrors);
@@ -77,10 +79,11 @@ public static function fromString(string $xml): DOMDocument
7779

7880
/**
7981
* @param string $file
82+
* @param non-negative-int $options
8083
*
8184
* @return \DOMDocument
8285
*/
83-
public static function fromFile(string $file): DOMDocument
86+
public static function fromFile(string $file, int $options = self::DEFAULT_OPTIONS): DOMDocument
8487
{
8588
error_clear_last();
8689
$xml = @file_get_contents($file);
@@ -92,7 +95,7 @@ public static function fromFile(string $file): DOMDocument
9295
}
9396

9497
Assert::notWhitespaceOnly($xml, sprintf('File "%s" does not have content', $file), RuntimeException::class);
95-
return static::fromString($xml);
98+
return static::fromString($xml, $options);
9699
}
97100

98101

0 commit comments

Comments
 (0)