dom: Switch to new safe option setting API

ndossche · ndossche · commit 106079a46253 · 2025-10-10T22:24:26.000+02:00
This API does not suffer from the global issue and does therefore not
require a sanitization fixup.
The API for XML is available starting from libxml 2.13, the one for HTML
since 2.14.
diff --git a/ext/dom/document.c b/ext/dom/document.c
@@ -1448,8 +1448,12 @@ xmlDocPtr dom_document_parser(zval *id, dom_load_mode mode, const char *source,
 		options |= XML_PARSE_RECOVER;
 	}
 
+#if LIBXML_VERSION >= 21300
+	xmlCtxtSetOptions(ctxt, options);
+#else
 	php_libxml_sanitize_parse_ctxt_options(ctxt);
 	xmlCtxtUseOptions(ctxt, options);
+#endif
 
 	if (recover) {
 		old_error_reporting = EG(error_reporting);
@@ -2086,10 +2090,16 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 		ctxt->sax->error = php_libxml_ctx_error;
 		ctxt->sax->warning = php_libxml_ctx_warning;
 	}
+#if LIBXML_VERSION >= 21400
+	if (options) {
+		htmlCtxtSetOptions(ctxt, (int)options);
+	}
+#else
 	php_libxml_sanitize_parse_ctxt_options(ctxt);
 	if (options) {
 		htmlCtxtUseOptions(ctxt, (int)options);
 	}
+#endif
 	htmlParseDocument(ctxt);
 	xmlDocPtr newdoc = ctxt->myDoc;
 	htmlFreeParserCtxt(ctxt);
diff --git a/ext/dom/inner_outer_html_mixin.c b/ext/dom/inner_outer_html_mixin.c
@@ -291,8 +291,12 @@ static xmlNodePtr dom_xml_fragment_parsing_algorithm(dom_object *obj, const xmlN
 	}
 	parser->dict = context_node->doc->dict;
 
+#if LIBXML_VERSION >= 21300
+	xmlCtxtSetOptions(parser, XML_PARSE_IGNORE_ENC | XML_PARSE_NOERROR | XML_PARSE_NOWARNING | XML_PARSE_NO_XXE);
+#else
 	php_libxml_sanitize_parse_ctxt_options(parser);
 	xmlCtxtUseOptions(parser, XML_PARSE_IGNORE_ENC | XML_PARSE_NOERROR | XML_PARSE_NOWARNING);
+#endif
 
 	xmlCharEncodingHandlerPtr encoding = xmlFindCharEncodingHandler("UTF-8");
 	(void) xmlSwitchToEncoding(parser, encoding);
