From 2f9abb2a115967fb8e14856c66fb60269ffb07f5 Mon Sep 17 00:00:00 2001
From: Pinga <121483313+getpinga@users.noreply.github.com>
Date: Wed, 9 Aug 2023 14:40:36 +0300
Subject: [PATCH] XXE vulnerability prevention
---
 epp/epp.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/epp/epp.php b/epp/epp.php
index e1d8425..10a7f2e 100644
--- a/epp/epp.php
+++ b/epp/epp.php
@@ -48,7 +48,11 @@ $server->handle(function (Connection $conn) use ($table, $db) {
 $length = unpack('N', substr($data, 0, 4))[1];
 $xmlData = substr($data, 4, $length - 4);
- $xml = simplexml_load_string($xmlData, 'SimpleXMLElement', LIBXML_DTDLOAD | LIBXML_NOENT);
+ // If you're using PHP < 8.0
+ libxml_disable_entity_loader(true);
+ libxml_use_internal_errors(true);
+
+ $xml = simplexml_load_string($xmlData);
 $xml->registerXPathNamespace('e', 'urn:ietf:params:xml:ns:epp-1.0');
 $xml->registerXPathNamespace('xsi', 'http://www.w3.org/2001/XMLSchema-instance');
 $xml->registerXPathNamespace('domain', 'urn:ietf:params:xml:ns:domain-1.0');
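Review bot: `simplexml_load_string($xmlData)` returns `false` on malformed input, and with `libxml_use_internal_errors(true)` now silencing the parser warnings the very next line calls `registerXPathNamespace()` on that `false`, so a client that sends a broken frame raises an `Error` inside the connection handler with nothing logged about why. Add a check directly after the parse, for example `if ($xml === false) { libxml_clear_errors(); /* reject the frame */ }`, with the reject path chosen to fit the handler body, which starts and ends outside this hunk. The comment says the entity-loader call is for PHP < 8.0, yet the call is unconditional and `libxml_disable_entity_loader()` is deprecated from PHP 8.0, so guard it with `if (\PHP_VERSION_ID < 80000) { libxml_disable_entity_loader(true); }`. The comment could also state that dropping `LIBXML_DTDLOAD | LIBXML_NOENT` is what stops entity substitution, so a later edit does not add the flags back.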