@@ -156,6 +156,9 @@ void *create_directory_config(apr_pool_t *mp, char *path)
156156 dcfg -> crypto_hash_framesrc_pm = NOT_SET ;
157157
158158
159+ /* xml external entity */
160+ dcfg -> xml_external_entity = NOT_SET ;
161+
159162 return dcfg ;
160163}
161164
@@ -591,6 +594,10 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
591594 merged -> crypto_hash_framesrc_pm = (child -> crypto_hash_framesrc_pm == NOT_SET
592595 ? parent -> crypto_hash_framesrc_pm : child -> crypto_hash_framesrc_pm );
593596
597+ /* xml external entity */
598+ merged -> xml_external_entity = (child -> xml_external_entity == NOT_SET
599+ ? parent -> xml_external_entity : child -> xml_external_entity );
600+
594601 return merged ;
595602}
596603
@@ -711,6 +718,9 @@ void init_directory_config(directory_config *dcfg)
711718 if (dcfg -> crypto_hash_iframesrc_pm == NOT_SET ) dcfg -> crypto_hash_iframesrc_pm = 0 ;
712719 if (dcfg -> crypto_hash_framesrc_pm == NOT_SET ) dcfg -> crypto_hash_framesrc_pm = 0 ;
713720
721+ /* xml external entity */
722+ if (dcfg -> xml_external_entity == NOT_SET ) dcfg -> xml_external_entity = 0 ;
723+
714724}
715725
716726/**
@@ -2282,9 +2292,35 @@ static const char *cmd_sensor_id(cmd_parms *cmd, void *_dcfg, const char *p1)
22822292 return NULL ;
22832293}
22842294
2295+ /**
2296+ * \brief Add SecXmlExternalEntity configuration option
2297+ *
2298+ * \param cmd Pointer to configuration data
2299+ * \param _dcfg Pointer to directory configuration
2300+ * \param p1 Pointer to configuration option
2301+ *
2302+ * \retval NULL On failure
2303+ * \retval apr_psprintf On Success
2304+ */
2305+ static const char * cmd_xml_external_entity (cmd_parms * cmd , void * _dcfg , const char * p1 )
2306+ {
2307+ directory_config * dcfg = (directory_config * )_dcfg ;
2308+ if (dcfg == NULL ) return NULL ;
2309+
2310+ if (strcasecmp (p1 , "on" ) == 0 ) {
2311+ dcfg -> xml_external_entity = 1 ;
2312+ }
2313+ else if (strcasecmp (p1 , "off" ) == 0 ) {
2314+ dcfg -> xml_external_entity = 0 ;
2315+ }
2316+ else return apr_psprintf (cmd -> pool , "ModSecurity: Invalid value for SecXmlExternalEntity: %s" , p1 );
2317+
2318+ return NULL ;
2319+ }
2320+
22852321
22862322/**
2287- * \brief Add SecHash configuration option
2323+ * \brief Add SecHashEngine configuration option
22882324*
22892325* \param cmd Pointer to configuration data
22902326* \param _dcfg Pointer to directory configuration
@@ -2306,7 +2342,7 @@ static const char *cmd_hash_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
23062342 dcfg -> hash_is_enabled = HASH_DISABLED ;
23072343 dcfg -> hash_enforcement = HASH_DISABLED ;
23082344 }
2309- else return apr_psprintf (cmd -> pool , "ModSecurity: Invalid value for SecRuleEngine : %s" , p1 );
2345+ else return apr_psprintf (cmd -> pool , "ModSecurity: Invalid value for SexHashEngine : %s" , p1 );
23102346
23112347 return NULL ;
23122348}
@@ -3223,6 +3259,14 @@ const command_rec module_directives[] = {
32233259 "On or Off"
32243260 ),
32253261
3262+ AP_INIT_TAKE1 (
3263+ "SecXmlExternalEntity" ,
3264+ cmd_xml_external_entity ,
3265+ NULL ,
3266+ CMD_SCOPE_ANY ,
3267+ "On or Off"
3268+ ),
3269+
32263270 AP_INIT_FLAG (
32273271 "SecRuleInheritance" ,
32283272 cmd_rule_inheritance ,
0 commit comments