From 704fb7dda7688ad05262b69ffbbc2ecef662f086 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Tue, 30 Sep 2025 20:39:48 +0200
Subject: [PATCH] soap: Switch to new XML parser option setting API

This API does not require the "global" security workaround.
We also pass some additional options for hardening.
---
 ext/soap/php_xml.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ext/soap/php_xml.c b/ext/soap/php_xml.c
index b6b0c09b9d48b..a2536b98f39bb 100644
--- a/ext/soap/php_xml.c
+++ b/ext/soap/php_xml.c
@@ -79,12 +79,15 @@ static xmlDocPtr soap_xmlParse_ex(xmlParserCtxtPtr ctxt)
 {
 	xmlDocPtr ret;
 	if (ctxt) {
+#if LIBXML_VERSION >= 21300
+		xmlCtxtSetOptions(ctxt, XML_PARSE_HUGE | XML_PARSE_NO_XXE | XML_PARSE_NONET | XML_PARSE_NOBLANKS);
+#else
 		php_libxml_sanitize_parse_ctxt_options(ctxt);
-		/* TODO: In libxml2 2.14.0 change this to the new options API so we don't rely on deprecated APIs. */
 		ZEND_DIAGNOSTIC_IGNORED_START("-Wdeprecated-declarations")
 		ctxt->keepBlanks = 0;
 		ctxt->options |= XML_PARSE_HUGE;
 		ZEND_DIAGNOSTIC_IGNORED_END
+#endif
 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
 		ctxt->sax->comment = soap_Comment;
 		ctxt->sax->warning = NULL;