inverted logic. set xxe_protection.enable() instead of disable_xxe.disable()

10 files changed, 17 insertions, 12 deletions

diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index 308031b..03c9bb6 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -116,7 +116,7 @@ sp_config_upload_validation config_upload_validation;
 sp_config_cookie config_cookie;
 sp_config_auto_cookie_secure config_auto_cookie_secure;
 sp_config_global_strict config_global_strict;
-sp_config_disable_xxe config_disable_xxe;
+sp_config_xxe_protection config_xxe_protection;
 sp_config_eval config_eval;
 sp_config_wrapper config_wrapper;
 sp_config_session config_session;
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c
index 6fd6f25..c96a911 100644
--- a/src/snuffleupagus.c
+++ b/src/snuffleupagus.c
@@ -314,7 +314,7 @@ static PHP_INI_MH(OnUpdateConfiguration) {
     hook_upload();
   }
 
-  if (SPCFG(disable_xxe).enable == 0) {
+  if (SPCFG(xxe_protection).enable) {
     hook_libxml_disable_entity_loader();
   }
 
diff --git a/src/sp_config.c b/src/sp_config.c
index ec6c5a8..bc9aa0d 100644
--- a/src/sp_config.c
+++ b/src/sp_config.c
@@ -17,7 +17,7 @@ static zend_result sp_process_config_root(sp_parsed_keyword *parsed_rule) {
     {parse_cookie,              SP_TOKEN_COOKIE_ENCRYPTION, NULL},
     {parse_global,              SP_TOKEN_GLOBAL, NULL},
     {parse_enable,              SP_TOKEN_AUTO_COOKIE_SECURE, &(SPCFG(auto_cookie_secure).enable)},
-    {parse_enable,              SP_TOKEN_DISABLE_XXE, &(SPCFG(disable_xxe).enable)},
+    {parse_enable,              SP_TOKEN_XXE_PROTECTION, &(SPCFG(xxe_protection).enable)},
     {parse_eval_filter_conf,    SP_TOKEN_EVAL_BLACKLIST, &(SPCFG(eval).blacklist)},
     {parse_eval_filter_conf,    SP_TOKEN_EVAL_WHITELIST, &(SPCFG(eval).whitelist)},
     {parse_session,             SP_TOKEN_SESSION_ENCRYPTION, &(SPCFG(session))},
diff --git a/src/sp_config.h b/src/sp_config.h
index 262050b..a557105 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -57,7 +57,7 @@ typedef struct {
 
 typedef struct {
   bool enable;
-} sp_config_disable_xxe;
+} sp_config_xxe_protection;
 
 typedef struct {
   enum samesite_type { strict = 1, lax = 2 } samesite;
@@ -202,7 +202,7 @@ typedef struct {
 #define SP_TOKEN_READONLY_EXEC "readonly_exec"
 #define SP_TOKEN_UNSERIALIZE_HMAC "unserialize_hmac"
 #define SP_TOKEN_UPLOAD_VALIDATION "upload_validation"
-#define SP_TOKEN_DISABLE_XXE "disable_xxe"
+#define SP_TOKEN_XXE_PROTECTION "xxe_protection"
 #define SP_TOKEN_EVAL_BLACKLIST "eval_blacklist"
 #define SP_TOKEN_EVAL_WHITELIST "eval_whitelist"
 #define SP_TOKEN_SLOPPY_COMPARISON "sloppy_comparison"
diff --git a/src/tests/xxe/config/disable_xxe.ini b/src/tests/xxe/config/disable_xxe.ini
index bc9d1f2..a50a3b9 100644
--- a/src/tests/xxe/config/disable_xxe.ini
+++ b/src/tests/xxe/config/disable_xxe.ini
@@ -1 +1 @@
-sp.disable_xxe.enable();
+sp.xxe_protection.enable();
diff --git a/src/tests/xxe/config/disable_xxe_disable.ini b/src/tests/xxe/config/disable_xxe_disable.ini
index bb1e432..eaf5755 100644
--- a/src/tests/xxe/config/disable_xxe_disable.ini
+++ b/src/tests/xxe/config/disable_xxe_disable.ini
@@ -1 +1 @@
-sp.disable_xxe.disable();
+sp.xxe_protection.disable();
diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt
index a49e094..107171c 100644
--- a/src/tests/xxe/disable_xxe_dom_disabled.phpt
+++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt
@@ -1,10 +1,10 @@
 --TEST--
-Disable XXE
+Disable XXE (feature enabled)
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("dom")) print("skip"); ?>
 <?php if (PHP_VERSION_ID >= 80000) print "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/disable_xxe_disable.ini
+sp.configuration_file={PWD}/config/disable_xxe.ini
 --EXTENSIONS--
 dom
 --FILE--
diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt
index 1d3ef4c..9560156 100644
--- a/src/tests/xxe/disable_xxe_simplexml.phpt
+++ b/src/tests/xxe/disable_xxe_simplexml.phpt
@@ -2,8 +2,9 @@
 Disable XXE
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("simplexml") || getenv('TRAVIS')) print("skip"); ?>
+<?php if (PHP_VERSION_ID >= 80000) print "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/disable_xxe.ini
+sp.configuration_file={PWD}/config/disable_xxe_disable.ini
 --EXTENSIONS--
 simplexml
 --XFAIL--
diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
index e101337..1b2c4ca 100644
--- a/src/tests/xxe/disable_xxe_simplexml_oop.phpt
+++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
@@ -2,8 +2,9 @@
 Disable XXE
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("simplexml") || getenv('TRAVIS')) print("skip"); ?>
+<?php if (PHP_VERSION_ID >= 80000) print "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/disable_xxe.ini
+sp.configuration_file={PWD}/config/disable_xxe_disable.ini
 --EXTENSIONS--
 simplexml
 --XFAIL--
diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt
index 6b48bea..bc7e338 100644
--- a/src/tests/xxe/disable_xxe_xml_parse.phpt
+++ b/src/tests/xxe/disable_xxe_xml_parse.phpt
@@ -70,7 +70,8 @@ $parser = create_parser();
 $doc = xml_parse($parser, $xml, true);
 xml_parser_free($parser);
 
---EXPECT--
+--EXPECTF--
+Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 41
 string(4) "TEST"
 
 array(0) {
@@ -81,6 +82,8 @@ array(0) {
 }
 string(7) "TESTING"
 string(4) "TEST"
+
+Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 46
 string(4) "TEST"
 
 array(0) {