Skip to content

[pull] master from php:master #910

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pull merged 5 commits into from
May 4, 2026
Merged

[pull] master from php:master #910

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
eba954d
ext/phar: Readability Improvements in phar_fancy_stat() (#21865)
LamentXU123 May 4, 2026
2f4a214
ext/standard: Reject null bytes in parse_str() (#21942)
LamentXU123 May 4, 2026
6e87107
ext/mysqlnd: Fix persistent free of non-persistent connect_attr key.
devnexen May 2, 2026
92015ec
Merge branch 'PHP-8.4' into PHP-8.5
devnexen May 4, 2026
8d8f5f7
Merge branch 'PHP-8.5'
devnexen May 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions NEWS
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,8 @@ PHP NEWS
(Weilin Du)
. getenv() and putenv() now raises a ValueError when the first argument
contains null bytes. (Weilin Du)
. parse_str() now raises a ValueError when the $string argument contains
null bytes. (Weilin Du)
. proc_open() now raises a ValueError when the $cwd argument contains
null bytes. (Weilin Du)

Expand Down
2 changes: 2 additions & 0 deletions UPGRADING
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,8 @@ PHP 8.6 UPGRADE NOTES
argument value is passed.
. getenv() and putenv() now raises a ValueError when the first argument
contains null bytes.
. parse_str() now raises a ValueError when the $string argument contains
null bytes.
. linkinfo() now raises a ValueError when the $path argument is empty.
. pathinfo() now raises a ValueError when an invalid $flag
argument value is passed.
Expand Down
26 changes: 26 additions & 0 deletions ext/mysqli/tests/mysqli_real_connect_retry_attr.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
--TEST--
mysqli_real_connect() retry on same handle does not corrupt mysqlnd connect_attr
--EXTENSIONS--
mysqli
--SKIPIF--
<?php
require_once 'skipifconnectfailure.inc';
?>
--FILE--
<?php

require 'connect.inc';

$link = mysqli_init();
@mysqli_real_connect($link, $host, $user, 'bogus_password_to_force_failure', $db, $port, $socket);

if (!mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket)) {
printf("[001] [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
}

mysqli_close($link);

print "done!";
?>
--EXPECT--
done!
9 changes: 3 additions & 6 deletions ext/mysqlnd/mysqlnd_connection.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1557,17 +1557,14 @@ MYSQLND_METHOD(mysqlnd_conn_data, set_client_option_2d)(MYSQLND_CONN_DATA * cons
zval attrz;
zend_string *str;

str = zend_string_init(key, strlen(key), conn->persistent);
ZVAL_NEW_STR(&attrz, zend_string_init(value, strlen(value), conn->persistent));
if (conn->persistent) {
str = zend_string_init(key, strlen(key), 1);
GC_MAKE_PERSISTENT_LOCAL(str);
ZVAL_NEW_STR(&attrz, zend_string_init(value, strlen(value), 1));
GC_MAKE_PERSISTENT_LOCAL(Z_COUNTED(attrz));
} else {
str = zend_string_init(key, strlen(key), 0);
ZVAL_NEW_STR(&attrz, zend_string_init(value, strlen(value), 0));
}
zend_hash_update(conn->options->connect_attr, str, &attrz);
zend_string_release_ex(str, 1);
zend_string_release_ex(str, conn->persistent);
}
break;
default:
Expand Down
30 changes: 13 additions & 17 deletions ext/phar/func_interceptors.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -323,10 +323,6 @@ static void phar_fancy_stat(zend_stat_t *stat_sb, int type, zval *return_value)
zval stat_dev, stat_ino, stat_mode, stat_nlink, stat_uid, stat_gid, stat_rdev,
stat_size, stat_atime, stat_mtime, stat_ctime, stat_blksize, stat_blocks;
int rmask=S_IROTH, wmask=S_IWOTH, xmask=S_IXOTH; /* access rights defaults to other */
char *stat_sb_names[13] = {
"dev", "ino", "mode", "nlink", "uid", "gid", "rdev",
"size", "atime", "mtime", "ctime", "blksize", "blocks"
};

if (type >= FS_IS_W && type <= FS_IS_X) {
if(stat_sb->st_uid==getuid()) {
Expand Down Expand Up @@ -443,19 +439,19 @@ static void phar_fancy_stat(zend_stat_t *stat_sb, int type, zval *return_value)
zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &stat_blocks);

/* Store string indexes referencing the same zval*/
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[0], strlen(stat_sb_names[0]), &stat_dev);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[1], strlen(stat_sb_names[1]), &stat_ino);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[2], strlen(stat_sb_names[2]), &stat_mode);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[3], strlen(stat_sb_names[3]), &stat_nlink);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[4], strlen(stat_sb_names[4]), &stat_uid);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[5], strlen(stat_sb_names[5]), &stat_gid);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[6], strlen(stat_sb_names[6]), &stat_rdev);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[7], strlen(stat_sb_names[7]), &stat_size);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[8], strlen(stat_sb_names[8]), &stat_atime);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[9], strlen(stat_sb_names[9]), &stat_mtime);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[10], strlen(stat_sb_names[10]), &stat_ctime);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[11], strlen(stat_sb_names[11]), &stat_blksize);
zend_hash_str_update(Z_ARRVAL_P(return_value), stat_sb_names[12], strlen(stat_sb_names[12]), &stat_blocks);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("dev"), &stat_dev);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("ino"), &stat_ino);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("mode"), &stat_mode);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("nlink"), &stat_nlink);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("uid"), &stat_uid);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("gid"), &stat_gid);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("rdev"), &stat_rdev);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("size"), &stat_size);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("atime"), &stat_atime);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("mtime"), &stat_mtime);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("ctime"), &stat_ctime);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("blksize"), &stat_blksize);
zend_hash_str_update(Z_ARRVAL_P(return_value), ZEND_STRL("blocks"), &stat_blocks);

return;
}
Expand Down
2 changes: 1 addition & 1 deletion ext/standard/string.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5012,7 +5012,7 @@ PHP_FUNCTION(parse_str)
size_t arglen;

ZEND_PARSE_PARAMETERS_START(2, 2)
Z_PARAM_STRING(arg, arglen)
Z_PARAM_PATH(arg, arglen)
Z_PARAM_ZVAL(arrayArg)
ZEND_PARSE_PARAMETERS_END();

Expand Down
14 changes: 14 additions & 0 deletions ext/standard/tests/strings/parse_str_null_bytes.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
--TEST--
parse_str() rejects null bytes
--FILE--
<?php

try {
parse_str("a=1\0&b=2", $result);
} catch (ValueError $e) {
echo $e->getMessage(), "\n";
}

?>
--EXPECT--
parse_str(): Argument #1 ($string) must not contain any null bytes