--TEST--
Disable XXE in xml_parse
--SKIPIF--
= 80000) print "skip"; ?>
--EXTENSIONS--
xml
--INI--
sp.configuration_file={PWD}/config/disable_xxe.ini
--FILE--
]> &foo; EOD;
// NOTE(review): this copy of the test is truncated. The PHP open tags and the
// start of the heredoc that defines $xml are missing, and the SKIPIF condition
// has lost its left-hand side. Only the tail `]> &foo; EOD;` survives, which
// looks like the end of a DOCTYPE internal subset followed by a reference to an
// entity named `foo` -- confirm against the original file before running.

// Writes the XML payload to content.xml in the current working directory.
// NOTE(review): nothing visible here removes content.xml afterwards; a
// --CLEAN-- section would stop the fixture leaking between test runs.
file_put_contents('content.xml', $xml);

/**
 * Build a fresh SAX-style parser whose handlers print everything they see.
 *
 * The start-element handler dumps the element name, a newline and the
 * attribute array; the end-element handler dumps the element name; the
 * character-data handler echoes 'text' followed by the data. Any character
 * data delivered to the parser -- including text an expanded entity would
 * produce -- therefore shows up in the output as a "text..." fragment, which
 * is what the EXPECTF section checks for.
 *
 * @return mixed the parser returned by xml_parser_create()
 */
function create_parser() {
    $parser = xml_parser_create();
    xml_set_element_handler(
        $parser,
        function($parser, $name, array $attributes) {
            var_dump($name);
            echo "\n";
            var_dump($attributes);
        },
        function($parser, $name) {
            var_dump($name);
        }
    );
    xml_set_character_data_handler(
        $parser,
        function ($parser, $text){
            echo 'text' . $text;
        }
    );
    return $parser;
}

// Case 1: the script asks for the entity loader to be disabled. The expected
// output shows Snuffleupagus logging the call as "tried and nopped" under the
// disable_xxe.ini configuration, and no "text..." fragment for &foo;.
libxml_disable_entity_loader(true);
$parser = create_parser();
// NOTE(review): $doc (the xml_parse() result) is never inspected, so a parse
// failure would only be noticed through a change in the printed output.
$doc = xml_parse($parser, $xml, true);
xml_parser_free($parser);

// Case 2: the security-relevant direction -- the script tries to re-enable the
// entity loader. The expected output is identical to case 1: the call is
// logged and nopped, and the entity still contributes no character data.
libxml_disable_entity_loader(false);
$parser = create_parser();
$doc = xml_parse($parser, $xml, true);
xml_parser_free($parser);

// Case 3: control document with literal text and no entity. The expected
// output contains "textfoo", which shows the character-data handler does fire
// and that its silence in cases 1 and 2 is meaningful.
// NOTE(review): the expected output still lists TEST/TESTING elements, so the
// markup around "foo" was presumably stripped from this copy -- confirm.
$xml = "foo";
file_put_contents('content.xml', $xml);
$parser = create_parser();
$doc = xml_parse($parser, $xml, true);
xml_parser_free($parser);
--EXPECTF--
Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line %d
string(4) "TEST"

array(0) {
}
string(7) "TESTING"

array(0) {
}
string(7) "TESTING"
string(4) "TEST"

Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line %d
string(4) "TEST"

array(0) {
}
string(7) "TESTING"

array(0) {
}
string(7) "TESTING"
string(4) "TEST"
string(4) "TEST"

array(0) {
}
string(7) "TESTING"

array(0) {
}
textfoostring(7) "TESTING"
string(4) "TEST"