Merge branch 'PHP-8.5'

TimWolla · TimWolla · commit 82249dcbf477 · 2025-11-01T14:15:29.000+01:00
* PHP-8.5: uri: Use the “includes credentials” rule for WhatWg user/password getters (php#20303)
diff --git a/ext/uri/tests/whatwg/modification/password_success_unset_existing.phpt b/ext/uri/tests/whatwg/modification/password_success_unset_existing.phpt
@@ -15,5 +15,5 @@ var_dump($url2->toAsciiString());
 ?>
 --EXPECT--
 string(8) "password"
-NULL
+string(0) ""
 string(29) "https://username@example.com/"
diff --git a/ext/uri/tests/whatwg/modification/password_success_unset_existing2.phpt b/ext/uri/tests/whatwg/modification/password_success_unset_existing2.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Test Uri\WhatWg\Url component modification - password - unsetting existing
+--EXTENSIONS--
+uri
+--FILE--
+<?php
+
+$url1 = Uri\WhatWg\Url::parse("https://:password@example.com");
+$url2 = $url1->withPassword(null);
+
+var_dump($url1->getPassword());
+var_dump($url2->getPassword());
+var_dump($url2->toAsciiString());
+
+?>
+--EXPECT--
+string(8) "password"
+NULL
+string(20) "https://example.com/"
diff --git a/ext/uri/tests/whatwg/modification/password_success_unset_non_existent2.phpt b/ext/uri/tests/whatwg/modification/password_success_unset_non_existent2.phpt
@@ -14,6 +14,6 @@ var_dump($url2->toAsciiString());
 
 ?>
 --EXPECT--
-NULL
-NULL
+string(0) ""
+string(0) ""
 string(29) "https://username@example.com/"
diff --git a/ext/uri/tests/whatwg/modification/username_success_unset_existing.phpt b/ext/uri/tests/whatwg/modification/username_success_unset_existing.phpt
@@ -15,5 +15,5 @@ var_dump($url2->toAsciiString());
 ?>
 --EXPECT--
 string(8) "username"
-NULL
+string(0) ""
 string(30) "https://:password@example.com/"
diff --git a/ext/uri/tests/whatwg/modification/username_success_unset_existing2.phpt b/ext/uri/tests/whatwg/modification/username_success_unset_existing2.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Test Uri\WhatWg\Url component modification - username - unsetting existing
+--EXTENSIONS--
+uri
+--FILE--
+<?php
+
+$url1 = Uri\WhatWg\Url::parse("https://username:@example.com");
+$url2 = $url1->withUsername(null);
+
+var_dump($url1->getUsername());
+var_dump($url2->getUsername());
+var_dump($url2->toAsciiString());
+
+?>
+--EXPECT--
+string(8) "username"
+NULL
+string(20) "https://example.com/"
diff --git a/ext/uri/tests/whatwg/modification/username_success_unset_non_existent2.phpt b/ext/uri/tests/whatwg/modification/username_success_unset_non_existent2.phpt
@@ -14,6 +14,6 @@ var_dump($url2->toAsciiString());
 
 ?>
 --EXPECT--
-NULL
-NULL
+string(0) ""
+string(0) ""
 string(30) "https://:password@example.com/"
diff --git a/ext/uri/uri_parser_whatwg.c b/ext/uri/uri_parser_whatwg.c
@@ -274,12 +274,18 @@ static zend_result php_uri_parser_whatwg_scheme_write(void *uri, zval *value, zv
 	return SUCCESS;
 }
 
+/* 4.2. URL miscellaneous: A URL includes credentials if its username or password is not the empty string. */
+static bool includes_credentials(const lxb_url_t *lexbor_uri)
+{
+	return lexbor_uri->username.length > 0 || lexbor_uri->password.length > 0;
+}
+
 static zend_result php_uri_parser_whatwg_username_read(void *uri, php_uri_component_read_mode read_mode, zval *retval)
 {
 	const lxb_url_t *lexbor_uri = uri;
 
-	if (lexbor_uri->username.length) {
-		ZVAL_STRINGL(retval, (const char *) lexbor_uri->username.data, lexbor_uri->username.length);
+	if (includes_credentials(lexbor_uri)) {
+		ZVAL_STRINGL_FAST(retval, (const char *) lexbor_uri->username.data, lexbor_uri->username.length);
 	} else {
 		ZVAL_NULL(retval);
 	}
@@ -307,8 +313,8 @@ static zend_result php_uri_parser_whatwg_password_read(void *uri, php_uri_compon
 {
 	const lxb_url_t *lexbor_uri = uri;
 
-	if (lexbor_uri->password.length > 0) {
-		ZVAL_STRINGL(retval, (const char *) lexbor_uri->password.data, lexbor_uri->password.length);
+	if (includes_credentials(lexbor_uri)) {
+		ZVAL_STRINGL_FAST(retval, (const char *) lexbor_uri->password.data, lexbor_uri->password.length);
 	} else {
 		ZVAL_NULL(retval);
 	}

Original file line number	Diff line number	Diff line change
`@@ -274,12 +274,18 @@ static zend_result php_uri_parser_whatwg_scheme_write(void uri, zval value, zv`
`274`	`274`	`return SUCCESS;`
`275`	`275`	`}`
`276`	`276`
	`277`	`+/* 4.2. URL miscellaneous: A URL includes credentials if its username or password is not the empty string. */`
	`278`	`+static bool includes_credentials(const lxb_url_t *lexbor_uri)`
	`279`	`+{`
	`280`	`+ return lexbor_uri->username.length > 0 \|\| lexbor_uri->password.length > 0;`
	`281`	`+}`
	`282`	`+`
`277`	`283`	`static zend_result php_uri_parser_whatwg_username_read(void uri, php_uri_component_read_mode read_mode, zval retval)`
`278`	`284`	`{`
`279`	`285`	`const lxb_url_t *lexbor_uri = uri;`
`280`	`286`
`281`		`- if (lexbor_uri->username.length) {`
`282`		`- ZVAL_STRINGL(retval, (const char *) lexbor_uri->username.data, lexbor_uri->username.length);`
	`287`	`+ if (includes_credentials(lexbor_uri)) {`
	`288`	`+ ZVAL_STRINGL_FAST(retval, (const char *) lexbor_uri->username.data, lexbor_uri->username.length);`
`283`	`289`	`} else {`
`284`	`290`	`ZVAL_NULL(retval);`
`285`	`291`	`}`
`@@ -307,8 +313,8 @@ static zend_result php_uri_parser_whatwg_password_read(void *uri, php_uri_compon`
`307`	`313`	`{`
`308`	`314`	`const lxb_url_t *lexbor_uri = uri;`
`309`	`315`
`310`		`- if (lexbor_uri->password.length > 0) {`
`311`		`- ZVAL_STRINGL(retval, (const char *) lexbor_uri->password.data, lexbor_uri->password.length);`
	`316`	`+ if (includes_credentials(lexbor_uri)) {`
	`317`	`+ ZVAL_STRINGL_FAST(retval, (const char *) lexbor_uri->password.data, lexbor_uri->password.length);`
`312`	`318`	`} else {`
`313`	`319`	`ZVAL_NULL(retval);`
`314`	`320`	`}`