From f883fbbc7c288dcbe5a0a4ea9b51016b27169dae Mon Sep 17 00:00:00 2001
From: Sem Schilder
Date: Tue, 17 Nov 2020 23:06:22 +0100
Subject: [PATCH] Update Security.php

Add a PHP version condition check. In PHP 8.0 and later, PHP uses libxml versions from 2.9.0, which disabled XXE by default. libxml_disable_entity_loader() is now deprecated. This will throw errors for essentially the same feature.

Signed-off-by: Sem Schilder
---
 src/Security.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/Security.php b/src/Security.php
index 952ec5b..994ef43 100644
--- a/src/Security.php
+++ b/src/Security.php
@@ -43,7 +43,7 @@ protected static function heuristicScan($xml)
 private static function scanString($xml, DOMDocument $dom = null, $libXmlConstants, callable $callback)
 {
 // If running with PHP-FPM we perform an heuristic scan
- // We cannot use libxml_disable_entity_loader because of this bug
+ // We cannot use because of this bug
 // @see https://bugs.php.net/bug.php?id=64938
 if (self::isPhpFpm()) {
 self::heuristicScan($xml);
@@ -55,7 +55,9 @@ private static function scanString($xml, DOMDocument $dom = null, $libXmlConstan
 }
 if (! self::isPhpFpm()) {
- $loadEntities = libxml_disable_entity_loader(true);
+ if (\PHP_VERSION_ID < 80000) {
+ $loadEntities = libxml_disable_entity_loader(true);
+ }
 $useInternalXmlErrors = libxml_use_internal_errors(true);
 }
@@ -75,7 +77,9 @@ private static function scanString($xml, DOMDocument $dom = null, $libXmlConstan
 if (! $result) {
 // Entity load to previous setting
 if (! self::isPhpFpm()) {
- libxml_disable_entity_loader($loadEntities);
+ if (\PHP_VERSION_ID < 80000) {
+ libxml_disable_entity_loader($loadEntities);
+ }
 libxml_use_internal_errors($useInternalXmlErrors);
 }
 return false;
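Review bot: The rewritten comment in the hunk at -43 now reads `// We cannot use because of this bug`, so it no longer names the function that the PHP-FPM branch avoids and the reason for the heuristic scan is lost to the next reader. I would keep the name and record the new version condition, e.g. `// We cannot use libxml_disable_entity_loader() under PHP-FPM because of this bug; on PHP >= 8.0 it is deprecated and is not called at all`. scanString's body continues outside the hunk.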
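Review bot: The PHP >= 8.0 path added in the hunk at -55 has no check on `$libXmlConstants`, yet once `libxml_disable_entity_loader(true)` is skipped, entity handling depends entirely on libxml's defaults and on those flags. The defaults stop protecting the parse when a caller passes `LIBXML_NOENT` or `LIBXML_DTDLOAD`; the load call is outside the hunk, so I am assuming the parameter is forwarded to it. I would reject those flags before parsing, or at least state the dependency next to the guard: `// PHP >= 8.0: relies on libxml >= 2.9.0 not loading external entities by default; callers must not pass LIBXML_NOENT or LIBXML_DTDLOAD`. A regression test that sends a document declaring an external entity through this path on PHP 8 would pin the behaviour.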
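Review bot: The guard `\PHP_VERSION_ID < 80000` is repeated at the save site (hunk at -55) and at both restore sites (this hunk at -75 and the one at -94), so the three copies have to be kept in step by hand and `$loadEntities` is left undefined whenever the guard is false. Computing the condition once near the top of scanString, e.g. `$toggleEntityLoader = ! self::isPhpFpm() && \PHP_VERSION_ID < 80000;`, and testing that variable in all three places would keep save and restore paired. The function starts and ends outside these hunks, so if it has other return or throw paths they would need the same restore.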
@@ -94,7 +98,9 @@ private static function scanString($xml, DOMDocument $dom = null, $libXmlConstan
 // Entity load to previous setting
 if (! self::isPhpFpm()) {
- libxml_disable_entity_loader($loadEntities);
+ if (\PHP_VERSION_ID < 80000) {
+ libxml_disable_entity_loader($loadEntities);
+ }
 libxml_use_internal_errors($useInternalXmlErrors);
 }