uri: Use the “includes credentials” rule for WhatWg user/password getters

[TimWolla]

Thinking about #20208 (comment) this change seems to be most in line with the current semantics of distinguishing between null and "" for WHATWG. If we decide that null doesn't make sense for WHATWG, we can still change this, but for now this seems to be an actual bug fix.

---

The URL serializing algorithm from the WHATWG URL Standard uses an “includes credentials” rule to decide whether or not to include the @ in the output, indicating the presence of a userinfo component in RFC 3986 terminology. Use this rule to determine whether or not an empty username or password should be returned as the empty string (present but empty) or NULL (not present).

[kocsismate]

This pretty much makes sense to me :)

[kocsismate]

P.S.: Now that I'm working on adding more tests, I realized that the RFC3986 implementation may also benefit from the same return value consolidation:

• php-src/ext/uri/uri_parser_rfc3986.c

  Line 205 in 79a5804

  ZVAL_NULL(retval);

• php-src/ext/uri/uri_parser_rfc3986.c

  Line 224 in 79a5804

  ZVAL_NULL(retval);

[kocsismate]

Oops, a few tests fail

[TimWolla]

Oops, a few tests fail

For this one I wanted to wait a bit whether or not the upstream lexbor issue is acknowledged before working around it.

[TimWolla]

While upstream seems to have acknowledged the issue, a fix is not yet available. I've therefore worked around the (NULL, 0) case in php-src.

[TimWolla]

I've therefore worked around the (NULL, 0) case in php-src.

I can't wait for https://developers.redhat.com/articles/2024/12/11/making-memcpynull-null-0-well-defined to happen.