From f09aec9418c292e174067e25bbf2deadd774782f Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+ndossche@users.noreply.github.com> Date: Sun, 2 Nov 2025 21:48:29 +0100 Subject: [PATCH] Fixes to uri serialization - Incoming data should never have an INDIRECT element, that would be a violation of the rules wrt the INDIRECT types. Therefore there was never a need to use the _ind variant of the hash table find. - It doesn't matter now because there are no properties; but the get_properties handler cannot be used in the output of a __serialize call as that would expose INDIRECT elements. To prevent issues in the future, make it an empty array as a placeholder. If in the future properties are added, then this will hard fail instead of silently fail with INDIRECTs. --- ext/uri/php_uri.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ext/uri/php_uri.c b/ext/uri/php_uri.c index eb0d105b52c7d..4a1207de89942 100644 --- a/ext/uri/php_uri.c +++ b/ext/uri/php_uri.c @@ -800,8 +800,7 @@ PHP_METHOD(Uri_Rfc3986_Uri, __serialize) zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &arr); /* Serialize regular properties: second array */ - ZVAL_ARR(&arr, uri_object->std.handlers->get_properties(&uri_object->std)); - Z_TRY_ADDREF(arr); + ZVAL_EMPTY_ARRAY(&arr); zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &arr); } @@ -840,7 +839,7 @@ static void uri_unserialize(INTERNAL_FUNCTION_PARAMETERS) RETURN_THROWS(); } - zval *uri_zv = zend_hash_str_find_ind(Z_ARRVAL_P(arr), ZEND_STRL(PHP_URI_SERIALIZE_URI_FIELD_NAME)); + zval *uri_zv = zend_hash_str_find(Z_ARRVAL_P(arr), ZEND_STRL(PHP_URI_SERIALIZE_URI_FIELD_NAME)); if (uri_zv == NULL || Z_TYPE_P(uri_zv) != IS_STRING) { zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(uri_object->std.ce->name)); RETURN_THROWS(); @@ -990,8 +989,7 @@ PHP_METHOD(Uri_WhatWg_Url, __serialize) zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &arr); /* Serialize regular properties: second array */ - ZVAL_ARR(&arr, this_object->std.handlers->get_properties(&this_object->std)); - Z_ADDREF(arr); + ZVAL_EMPTY_ARRAY(&arr); zend_hash_next_index_insert(Z_ARRVAL_P(return_value), &arr); }