From 3bae74e92316a79f7fcf4108628e0f0f99cabc85 Mon Sep 17 00:00:00 2001
From: David Bogner <davidbogner@gmail.com>
Date: Fri, 13 Dec 2024 08:51:48 +0100
Subject: [PATCH] Fix XXE in parsing SAML messages

Implement recommended fix from https://simplesamlphp.org/security/202412-01
---
 .../simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php b/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php
index 811ae10b6..a5bea94b4 100644
--- a/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php
+++ b/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php
@@ -30,15 +30,22 @@ public static function fromString(string $xml) : DOMDocument
     {
         if (trim($xml) === '') {
             throw InvalidArgumentException::invalidType('non-empty string', $xml);
+        } elseif (preg_match('/<(\s*)!(\s*)DOCTYPE/', $xml)) {
+            throw new RuntimeException(
+                'Dangerous XML detected, DOCTYPE nodes are not allowed in the XML body'
+            );
         } elseif (PHP_VERSION_ID < 80000) {
             $entityLoader = libxml_disable_entity_loader(true);
+        } else {
+            libxml_set_external_entity_loader(null);
         }
 
         $internalErrors = libxml_use_internal_errors(true);
         libxml_clear_errors();
 
         $domDocument = self::create();
-        $options = LIBXML_DTDLOAD | LIBXML_DTDATTR | LIBXML_NONET | LIBXML_PARSEHUGE;
+        $options = LIBXML_NONET | LIBXML_PARSEHUGE;
+
         if (defined('LIBXML_COMPACT')) {
             $options |= LIBXML_COMPACT;
         }