14 files changed, 24 insertions, 18 deletions

diff --git a/config/default.rules b/config/default.rules
index b964073..2de703b 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -7,7 +7,7 @@
 sp.harden_random.enable();
 
 # Disabled XXE
-sp.disable_xxe.enable();
+sp.xxe_protection.enable();
 
 # Global configuration variables
 # sp.global.secret_key("YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS.");
diff --git a/config/default_php8.rules b/config/default_php8.rules
index de2da5c..1d16191 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -8,7 +8,7 @@
 sp.harden_random.enable();
 
 # Disabled XXE
-sp.disable_xxe.enable();
+sp.xxe_protection.enable();
 
 # Global configuration variables
 # sp.global.secret_key("YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS.");
diff --git a/config/suhosin.rules b/config/suhosin.rules
index 4beb4c8..0bdc453 100644
--- a/config/suhosin.rules
+++ b/config/suhosin.rules
@@ -276,6 +276,6 @@ sp.harden_random.enable();
 sp.auto_cookie_secure.enable();
 #sp.cookie.name("cookie1").samesite("lax");
 #sp.cookie.name("cookie2").samesite("strict");;
-sp.disable_xxe.enable();
+sp.xxe_protection.enable();
 #sp.sloppy_comparison.enable();
 
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 10b0afd..63ddf7b 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -293,14 +293,15 @@ It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` m
   sp.upload_validation.script("/var/www/is_valid_php.py").enable();
 
 
-disable_xxe
+xxe_protection
 ^^^^^^^^^^^
 
-:ref:`disable_xxe <xxe-feature>`, enabled by default, will prevent XXE attacks by disabling the loading of external entities (``libxml_disable_entity_loader``) in the XML parser.
+:ref:`xxe_protection <xxe-feature>`, disabled by default, will prevent XXE attacks by disabling the loading of external entities (``libxml_disable_entity_loader``) in the XML parser.
 
 ::
 
-  sp.disable_xxe.enable();
+  sp.xxe_protection.enable();
+  sp.xxe_protection.disable();
 
 
 Whitelist of stream-wrappers
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
index 308031b..03c9bb6 100644
--- a/src/php_snuffleupagus.h
+++ b/src/php_snuffleupagus.h
@@ -116,7 +116,7 @@ sp_config_upload_validation config_upload_validation;
 sp_config_cookie config_cookie;
 sp_config_auto_cookie_secure config_auto_cookie_secure;
 sp_config_global_strict config_global_strict;
-sp_config_disable_xxe config_disable_xxe;
+sp_config_xxe_protection config_xxe_protection;
 sp_config_eval config_eval;
 sp_config_wrapper config_wrapper;
 sp_config_session config_session;
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c
index 6fd6f25..c96a911 100644
--- a/src/snuffleupagus.c
+++ b/src/snuffleupagus.c
@@ -314,7 +314,7 @@ static PHP_INI_MH(OnUpdateConfiguration) {
     hook_upload();
   }
 
-  if (SPCFG(disable_xxe).enable == 0) {
+  if (SPCFG(xxe_protection).enable) {
     hook_libxml_disable_entity_loader();
   }
 
diff --git a/src/sp_config.c b/src/sp_config.c
index ec6c5a8..bc9aa0d 100644
--- a/src/sp_config.c
+++ b/src/sp_config.c
@@ -17,7 +17,7 @@ static zend_result sp_process_config_root(sp_parsed_keyword *parsed_rule) {
     {parse_cookie,              SP_TOKEN_COOKIE_ENCRYPTION, NULL},
     {parse_global,              SP_TOKEN_GLOBAL, NULL},
     {parse_enable,              SP_TOKEN_AUTO_COOKIE_SECURE, &(SPCFG(auto_cookie_secure).enable)},
-    {parse_enable,              SP_TOKEN_DISABLE_XXE, &(SPCFG(disable_xxe).enable)},
+    {parse_enable,              SP_TOKEN_XXE_PROTECTION, &(SPCFG(xxe_protection).enable)},
     {parse_eval_filter_conf,    SP_TOKEN_EVAL_BLACKLIST, &(SPCFG(eval).blacklist)},
     {parse_eval_filter_conf,    SP_TOKEN_EVAL_WHITELIST, &(SPCFG(eval).whitelist)},
     {parse_session,             SP_TOKEN_SESSION_ENCRYPTION, &(SPCFG(session))},
diff --git a/src/sp_config.h b/src/sp_config.h
index 262050b..a557105 100644
--- a/src/sp_config.h
+++ b/src/sp_config.h
@@ -57,7 +57,7 @@ typedef struct {
 
 typedef struct {
   bool enable;
-} sp_config_disable_xxe;
+} sp_config_xxe_protection;
 
 typedef struct {
   enum samesite_type { strict = 1, lax = 2 } samesite;
@@ -202,7 +202,7 @@ typedef struct {
 #define SP_TOKEN_READONLY_EXEC "readonly_exec"
 #define SP_TOKEN_UNSERIALIZE_HMAC "unserialize_hmac"
 #define SP_TOKEN_UPLOAD_VALIDATION "upload_validation"
-#define SP_TOKEN_DISABLE_XXE "disable_xxe"
+#define SP_TOKEN_XXE_PROTECTION "xxe_protection"
 #define SP_TOKEN_EVAL_BLACKLIST "eval_blacklist"
 #define SP_TOKEN_EVAL_WHITELIST "eval_whitelist"
 #define SP_TOKEN_SLOPPY_COMPARISON "sloppy_comparison"
diff --git a/src/tests/xxe/config/disable_xxe.ini b/src/tests/xxe/config/disable_xxe.ini
index bc9d1f2..a50a3b9 100644
--- a/src/tests/xxe/config/disable_xxe.ini
+++ b/src/tests/xxe/config/disable_xxe.ini
@@ -1 +1 @@
-sp.disable_xxe.enable();
+sp.xxe_protection.enable();
diff --git a/src/tests/xxe/config/disable_xxe_disable.ini b/src/tests/xxe/config/disable_xxe_disable.ini
index bb1e432..eaf5755 100644
--- a/src/tests/xxe/config/disable_xxe_disable.ini
+++ b/src/tests/xxe/config/disable_xxe_disable.ini
@@ -1 +1 @@
-sp.disable_xxe.disable();
+sp.xxe_protection.disable();
diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt
index a49e094..107171c 100644
--- a/src/tests/xxe/disable_xxe_dom_disabled.phpt
+++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt
@@ -1,10 +1,10 @@
 --TEST--
-Disable XXE
+Disable XXE (feature enabled)
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("dom")) print("skip"); ?>
 <?php if (PHP_VERSION_ID >= 80000) print "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/disable_xxe_disable.ini
+sp.configuration_file={PWD}/config/disable_xxe.ini
 --EXTENSIONS--
 dom
 --FILE--
diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt
index 1d3ef4c..9560156 100644
--- a/src/tests/xxe/disable_xxe_simplexml.phpt
+++ b/src/tests/xxe/disable_xxe_simplexml.phpt
@@ -2,8 +2,9 @@
 Disable XXE
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("simplexml") || getenv('TRAVIS')) print("skip"); ?>
+<?php if (PHP_VERSION_ID >= 80000) print "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/disable_xxe.ini
+sp.configuration_file={PWD}/config/disable_xxe_disable.ini
 --EXTENSIONS--
 simplexml
 --XFAIL--
diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
index e101337..1b2c4ca 100644
--- a/src/tests/xxe/disable_xxe_simplexml_oop.phpt
+++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
@@ -2,8 +2,9 @@
 Disable XXE
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("simplexml") || getenv('TRAVIS')) print("skip"); ?>
+<?php if (PHP_VERSION_ID >= 80000) print "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/disable_xxe.ini
+sp.configuration_file={PWD}/config/disable_xxe_disable.ini
 --EXTENSIONS--
 simplexml
 --XFAIL--
diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt
index 6b48bea..bc7e338 100644
--- a/src/tests/xxe/disable_xxe_xml_parse.phpt
+++ b/src/tests/xxe/disable_xxe_xml_parse.phpt
@@ -70,7 +70,8 @@ $parser = create_parser();
 $doc = xml_parse($parser, $xml, true);
 xml_parser_free($parser);
 
---EXPECT--
+--EXPECTF--
+Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 41
 string(4) "TEST"
 
 array(0) {
@@ -81,6 +82,8 @@ array(0) {
 }
 string(7) "TESTING"
 string(4) "TEST"
+
+Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 46
 string(4) "TEST"
 
 array(0) {