Your WAN IP will not be able to access any XAMPP files or folders outside of the server's DocumentRoot folder the \xampp\htdocs
folder including any XAMPP related files or folders in this htdocs folder, which is the new security feature in 1.7.2 and I am sure you will appreciate this security measure as you would not want any old hacker gaining access to your PC via your Apache web server.
This security measure is configured in the \xampp\apache\conf\extra\httpd-xampp.conf
So if you put your web site in a folder in the \xampp\htdocs
folder your friend using the WAN IP should be able to access it.http://xxx.xxx.xxx.xxx/mywebsite
should then find the index file in the \xampp\htdocs\mywebsite
The configuration of a VirtualHost directive in the \xampp\apache\conf\extra\httpd-vhosts.conf
file can override this behavior and a forum search in the XAMPP for Windows for virtualhost
may find many examples of how to do this this.
BTW if you want your friend to access any file or folder or selected files and folders on your PC, including the XAMPP installation, then you would need to set up a Remote Access facility which is beyond the scope of this forum to assist.