From bcc6b6a58d4a802c3ba5d7483dfee6953b169554 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 11 Oct 2025 14:46:16 +0200
Subject: [PATCH 1/2] Add extra checks to Phar::mungServer()
---
 ext/phar/phar_object.c | 6 ++++--
 .../tests/invalid_string_phar_mungserver.phpt | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 ext/phar/tests/invalid_string_phar_mungserver.phpt
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index c30145d9fb940..7e673010b95b4 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -897,7 +897,7 @@ PHP_METHOD(Phar, mungServer)
 phar_request_initialize();
 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(mungvalues), data) {
-
+ ZVAL_DEREF(data);
 if (Z_TYPE_P(data) != IS_STRING) {
 zend_throw_exception_ex(phar_ce_PharException, 0, "Non-string value passed to Phar::mungServer(), expecting an array of any of these strings: PHP_SELF, REQUEST_URI, SCRIPT_FILENAME, SCRIPT_NAME");
 RETURN_THROWS();
@@ -911,8 +911,10 @@ PHP_METHOD(Phar, mungServer)
 PHAR_G(phar_SERVER_mung_list) |= PHAR_MUNG_SCRIPT_NAME;
 } else if (zend_string_equals_literal(Z_STR_P(data), "SCRIPT_FILENAME")) {
 PHAR_G(phar_SERVER_mung_list) |= PHAR_MUNG_SCRIPT_FILENAME;
+ } else {
+ zend_throw_exception_ex(phar_ce_PharException, 0, "Invalid value passed to Phar::mungServer(), expecting an array of any of these strings: PHP_SELF, REQUEST_URI, SCRIPT_FILENAME, SCRIPT_NAME");
+ RETURN_THROWS();
 }
- // TODO Warning for invalid value?
 } ZEND_HASH_FOREACH_END();
 }
 /* }}} */
diff --git a/ext/phar/tests/invalid_string_phar_mungserver.phpt b/ext/phar/tests/invalid_string_phar_mungserver.phpt
new file mode 100644
index 0000000000000..46de113f6c087
--- /dev/null
+++ b/ext/phar/tests/invalid_string_phar_mungserver.phpt
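Review bot: The `ZVAL_DEREF(data);` added at the top of the loop body has no test visible in this patch. The only test file created, invalid_string_phar_mungserver.phpt, is titled for the invalid-string case, and its --EXPECT-- section holds only the "Invalid value" message. A second case passing an array that holds a reference element would pin the behaviour NEWS announces as "Support reference values". A one-line comment above the call, such as `/* elements may be references; unwrap before the type check */`, would also record why the deref has to precede `Z_TYPE_P(data)`. The loop body continues outside the hunk.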
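Review bot: The new `else` branch throws from inside the loop after earlier iterations may already have OR-ed flags into `PHAR_G(phar_SERVER_mung_list)`. A call that lists a valid name before an invalid one therefore fails with an exception yet leaves the global partly updated, and a caller that catches the PharException continues with part of the list applied. Collecting the flags in a local and committing them once after `ZEND_HASH_FOREACH_END()`, e.g. `PHAR_G(phar_SERVER_mung_list) |= mung;`, would make the call all-or-nothing. The same applies to the non-string throw in the first hunk. The start of the function and the first branches of the if-chain are outside the hunk, so whether the list is reset earlier is not visible here.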
@@ -0,0 +1,15 @@ +--TEST-- +Passing invalid string to Phar::mungServer() +--FILE-- +getMessage(), "\n"; +} + +?> +--EXPECT-- +Invalid value passed to Phar::mungServer(), expecting an array of any of these strings: PHP_SELF, REQUEST_URI, SCRIPT_FILENAME, SCRIPT_NAME From 993e7cc53620fcc00963986a695c80d2ac751fa6 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Mon, 13 Oct 2025 21:17:40 +0200 Subject: [PATCH 2/2] [ci skip] NEWS/UPGRADING --- NEWS | 5 +++++ UPGRADING | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/NEWS b/NEWS index 993bdda130cd9..986783ce042d3 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,11 @@ PHP NEWS . Fixed bug GH-20051 (apache2 shutdowns when restart is requested during preloading). (Arnaud, welcomycozyhom) +- Phar: + . Support reference values in Phar::mungServer(). (nielsdos) + . Invalid values now throw in Phar::mungServer() instead of being silently + ignored. (nielsdos) + - Standard: . Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set). (alexandre-daubois) diff --git a/UPGRADING b/UPGRADING index b9095380ed538..4b166bb5af463 100644 --- a/UPGRADING +++ b/UPGRADING @@ -19,6 +19,10 @@ PHP 8.6 UPGRADE NOTES 1. Backward Incompatible Changes ======================================== +- Phar: + . Invalid values now throw in Phar::mungServer() instead of being silently + ignored. + ======================================== 2. New Features ======================================== @@ -44,6 +48,9 @@ PHP 8.6 UPGRADE NOTES 5. Changed Functions ======================================== +- Phar: + . Phar::mungServer() now supports reference values. + ======================================== 6. New Functions ========================================