[pull] master from php:master

NEWS

@@ -13,6 +13,8 @@ PHP                                                                        NEWS
     deprecated. (alexandre-daubois)
   . Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0). (Remi)
   . Marks the stack as non-executable on Haiku. (David Carlier)
+  . Deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string is
+    now deprecated. (timwolla, nicolasgrekas)
 
 - CLI:
   . Fixed bug GH-19461 (Improve error message on listening error with IPv6

UPGRADING

@@ -387,6 +387,11 @@ PHP 8.5 UPGRADE NOTES
   . Using null as an array offset or when calling array_key_exists() is now
     deprecated. Instead an empty string should be used.
     RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_using_values_null_as_an_array_offset_and_when_calling_array_key_exists
+  . Deriving $_SERVER['argc'] and $_SERVER['argv'] from the query string for non-CLI
+    SAPIs has been deprecated. Configure register_argc_argv=0 and switch to either
+    $_GET or $_SERVER['QUERY_STRING'] to access the information, after verifying
+    that the usage is safe.
+    RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_register_argc_argv_ini_directive
 
 - Curl:
   . The curl_close() function has been deprecated, as CurlHandle objects are

ext/intl/dateformat/dateformat_create.cpp

@@ -115,8 +115,8 @@ static zend_result datefmt_ctor(INTERNAL_FUNCTION_PARAMETERS)
 	locale = Locale::createFromName(final_locale);
 	/* get*Name accessors being set does not preclude being bogus */
 	if (locale.isBogus() || ((locale_len == 1 && locale_str[0] != 'C') || (locale_len > 1 && strlen(locale.getISO3Language()) == 0))) {
-        zend_argument_value_error(1, "\"%s\" is invalid", locale_str);
-		return FAILURE;
+		zend_argument_value_error(1, "\"%s\" is invalid", locale_str);
+		goto error;
 	}
 
 	/* process calendar */

ext/intl/tests/gh11942_datefmt_locale_canonicalization.phpt

@@ -1,5 +1,5 @@
 --TEST--
-Fix GH-11942: IntlDateFormatter should canonicalize locale strings
+GH-11942 (IntlDateFormatter should canonicalize locale strings)
 --EXTENSIONS--
 intl
 --FILE--

ext/intl/tests/gh11942_numfmt_locale_canonicalization.phpt

@@ -1,5 +1,5 @@
 --TEST--
-Fix GH-11942: NumberFormatter should canonicalize locale strings
+GH-11942 (NumberFormatter should canonicalize locale strings)
 --EXTENSIONS--
 intl
 --FILE--

ext/standard/mail.c

@@ -495,14 +495,14 @@ PHPAPI bool php_mail(const char *to, const char *subject, const char *message, c
 	}
 
 	char *line_sep;
-	const char *cr_lf_mode = PG(mail_cr_lf_mode);
+	zend_string *cr_lf_mode = PG(mail_cr_lf_mode);
 
-	if (cr_lf_mode && strcmp(cr_lf_mode, "crlf") != 0) {
-		if (strcmp(cr_lf_mode, "lf") == 0) {
+	if (cr_lf_mode && !zend_string_equals_literal(cr_lf_mode, "crlf")) {
+		if (zend_string_equals_literal(cr_lf_mode, "lf")) {
 			line_sep = "\n";
-		} else if (strcmp(cr_lf_mode, "mixed") == 0) {
+		} else if (zend_string_equals_literal(cr_lf_mode, "mixed")) {
 			line_sep = "\n";
-		} else if (strcmp(cr_lf_mode, "os") == 0) {
+		} else if (zend_string_equals_literal(cr_lf_mode, "os")) {
 #ifdef PHP_WIN32
 			line_sep = "\r\n";
 #else
@@ -609,7 +609,7 @@ PHPAPI bool php_mail(const char *to, const char *subject, const char *message, c
 
 		fprintf(sendmail, "%s", line_sep);
 
-		if (cr_lf_mode && strcmp(cr_lf_mode, "lf") == 0) {
+		if (cr_lf_mode && zend_string_equals_literal(cr_lf_mode, "lf")) {
 			char *converted_message = NULL;
 			size_t msg_len = strlen(message);
 			size_t new_len = 0;

ext/standard/tests/general_functions/bug43293_1.phpt

@@ -21,4 +21,5 @@ array(3) {
   [2]=>
   int(3)
 }
-bool(false)
+array(0) {
+}

ext/uri/php_uri.c

@@ -830,9 +830,7 @@ static void uri_unserialize(INTERNAL_FUNCTION_PARAMETERS)
 	}
 
 	uri_internal_t *internal_uri = uri_internal_from_obj(object);
-	if (internal_uri->uri != NULL) {
-		internal_uri->parser->free_uri(internal_uri->uri);
-	}
+	internal_uri->parser->free_uri(internal_uri->uri);
 	internal_uri->uri = internal_uri->parser->parse_uri(Z_STRVAL_P(uri_zv), Z_STRLEN_P(uri_zv), NULL, NULL, true);
 	if (internal_uri->uri == NULL) {
 		zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(object->ce->name));
@@ -1025,12 +1023,7 @@ PHPAPI void php_uri_object_handler_free(zend_object *object)
 {
 	uri_object_t *uri_object = uri_object_from_obj(object);
 
-	if (UNEXPECTED(uri_object->internal.uri != NULL)) {
-		uri_object->internal.parser->free_uri(uri_object->internal.uri);
-		uri_object->internal.parser = NULL;
-		uri_object->internal.uri = NULL;
-	}
-
+	uri_object->internal.parser->free_uri(uri_object->internal.uri);
 	zend_object_std_dtor(&uri_object->std);
 }
 

ext/uri/php_uri_common.h

@@ -122,7 +122,7 @@ typedef struct uri_parser_t {
 	/**
 	 * Frees the provided URI.
 	 *
-	 * @param uri The input URI
+	 * @param uri The URI to free. Must do nothing if NULL.
 	 */
 	void (*free_uri)(void *uri);
 

ext/uri/uri_parser_php_parse_url.c

@@ -158,6 +158,10 @@ static void uri_parser_php_parse_url_free(void *uri)
 {
 	php_url *parse_url_uri = uri;
 
+	if (UNEXPECTED(parse_url_uri == NULL)) {
+		return;
+	}
+
 	php_url_free(parse_url_uri);
 }
 

ext/uri/uri_parser_rfc3986.c

@@ -554,10 +554,14 @@ ZEND_ATTRIBUTE_NONNULL static zend_string *php_uri_parser_rfc3986_to_string(void
 	return uri_string;
 }
 
-ZEND_ATTRIBUTE_NONNULL static void php_uri_parser_rfc3986_free(void *uri)
+static void php_uri_parser_rfc3986_free(void *uri)
 {
 	php_uri_parser_rfc3986_uris *uriparser_uris = uri;
 
+	if (UNEXPECTED(uriparser_uris == NULL)) {
+		return;
+	}
+
 	uriFreeUriMembersMmA(&uriparser_uris->uri, mm);
 	uriFreeUriMembersMmA(&uriparser_uris->normalized_uri, mm);
 

main/main.c

@@ -725,12 +725,11 @@ static PHP_INI_MH(OnUpdateMailLog)
 static PHP_INI_MH(OnUpdateMailCrLfMode)
 {
 	if (new_value) {
-		const char *val = ZSTR_VAL(new_value);
 		if (ZSTR_LEN(new_value) > 0 &&
-			strcmp(val, "crlf") != 0 &&
-			strcmp(val, "lf") != 0 &&
-			strcmp(val, "mixed") != 0 &&
-			strcmp(val, "os") != 0) {
+			!zend_string_equals_literal(new_value, "crlf") &&
+			!zend_string_equals_literal(new_value, "lf") &&
+			!zend_string_equals_literal(new_value, "mixed") &&
+			!zend_string_equals_literal(new_value, "os")) {
 			int err_type;
 
 			if (stage == ZEND_INI_STAGE_RUNTIME) {
@@ -740,13 +739,13 @@ static PHP_INI_MH(OnUpdateMailCrLfMode)
 			}
 
 			if (stage != ZEND_INI_STAGE_DEACTIVATE) {
-				php_error_docref(NULL, err_type, "Invalid value \"%s\" for mail.cr_lf_mode. Must be one of: \"crlf\", \"lf\", \"mixed\", \"os\"", val);
+				php_error_docref(NULL, err_type, "Invalid value \"%s\" for mail.cr_lf_mode. Must be one of: \"crlf\", \"lf\", \"mixed\", \"os\"", ZSTR_VAL(new_value));
 			}
 
 			return FAILURE;
 		}
 	}
-	OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
+	OnUpdateStr(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
 	return SUCCESS;
 }
 /* }}} */

main/php_globals.h

@@ -152,9 +152,9 @@ struct _php_core_globals {
 	char *request_order;
 
 	char *mail_log;
+	zend_string *mail_cr_lf_mode;
 	bool mail_x_header;
 	bool mail_mixed_lf_and_crlf;
-	char *mail_cr_lf_mode;
 
 	bool in_error_log;
 

main/php_variables.c

@@ -785,10 +785,13 @@ static void php_autoglobal_merge(HashTable *dest, HashTable *src)
 PHPAPI zend_result php_hash_environment(void)
 {
 	memset(PG(http_globals), 0, sizeof(PG(http_globals)));
+	/* Register $argc and $argv for CLI SAPIs. $_SERVER['argc'] and $_SERVER['argv']
+	 * will be registered in php_auto_globals_create_server() which clears
+	 * PG(http_globals)[TRACK_VARS_SERVER] anyways, making registration at this point
+	 * useless.
+	 */
+	php_build_argv(NULL, NULL);
 	zend_activate_auto_globals();
-	if (PG(register_argc_argv)) {
-		php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
-	}
 	return SUCCESS;
 }
 /* }}} */
@@ -875,19 +878,18 @@ static bool php_auto_globals_create_server(zend_string *name)
 	if (PG(variables_order) && (strchr(PG(variables_order),'S') || strchr(PG(variables_order),'s'))) {
 		php_register_server_variables();
 
-		if (PG(register_argc_argv)) {
-			if (SG(request_info).argc) {
-				zval *argc, *argv;
+		if (SG(request_info).argc) {
+			zval *argc, *argv;
 
-				if ((argc = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGC), 1)) != NULL &&
-					(argv = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGV), 1)) != NULL) {
-					Z_ADDREF_P(argv);
-					zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGV), argv);
-					zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGC), argc);
-				}
-			} else {
-				php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
+			if ((argc = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGC), 1)) != NULL &&
+				(argv = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGV), 1)) != NULL) {
+				Z_ADDREF_P(argv);
+				zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGV), argv);
+				zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGC), argc);
 			}
+		} else if (PG(register_argc_argv)) {
+			zend_error(E_DEPRECATED, "Deriving $_SERVER['argv'] from the query string is deprecated. Configure register_argc_argv=0 to turn this message off");
+			php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
 		}
 
 	} else {

php.ini-development

@@ -662,7 +662,7 @@ request_order = "GP"
 ; enabled, registering these variables consumes CPU cycles and memory each time
 ; a script is executed. For security reasons, this feature should be disabled
 ; for non-CLI SAPIs.
-; Note: This directive is hardcoded to On for the CLI SAPI
+; Note: This directive is ignored for the CLI SAPI
 ; This directive is deprecated.
 ; https://php.net/register-argc-argv
 ;register_argc_argv = Off

php.ini-production

@@ -664,7 +664,7 @@ request_order = "GP"
 ; enabled, registering these variables consumes CPU cycles and memory each time
 ; a script is executed. For security reasons, this feature should be disabled
 ; for non-CLI SAPIs.
-; Note: This directive is hardcoded to On for the CLI SAPI
+; Note: This directive is ignored for the CLI SAPI
 ; This directive is deprecated.
 ; https://php.net/register-argc-argv
 ;register_argc_argv = Off

sapi/cli/php_cli.c

@@ -115,7 +115,6 @@ PHP_CLI_API cli_shell_callbacks_t *php_cli_get_shell_callbacks(void)
 
 static const char HARDCODED_INI[] =
 	"html_errors=0\n"
-	"register_argc_argv=1\n"
 	"implicit_flush=1\n"
 	"output_buffering=0\n"
 	"max_execution_time=0\n"

sapi/embed/php_embed.c

@@ -25,7 +25,6 @@
 
 static const char HARDCODED_INI[] =
 	"html_errors=0\n"
-	"register_argc_argv=1\n"
 	"implicit_flush=1\n"
 	"output_buffering=0\n"
 	"max_execution_time=0\n"

sapi/fpm/tests/bug75712-getenv-server-vars_001.phpt

@@ -0,0 +1,68 @@
+--TEST--
+FPM: bug75712 - getenv should not read from $_ENV and $_SERVER
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+require_once "tester.inc";
+
+$cfg = <<<EOT
+[global]
+error_log = {{FILE:LOG}}
+[unconfined]
+listen = {{ADDR}}
+pm = static
+pm.max_children = 1
+env[TEST] = test
+php_value[register_argc_argv] = on
+php_value[html_errors] = off
+EOT;
+
+$code = <<<EOT
+<?php
+
+var_dump(isset(getenv()['argv']));
+var_dump(isset(getenv()['SERVER_NAME']));
+var_dump(getenv()['TEST']);
+var_dump(isset(getenv()['DTEST']));
+var_dump(getenv('DTEST'));
+putenv('DTEST=dt');
+var_dump(getenv()['DTEST']);
+var_dump(getenv('DTEST'));
+
+function notcalled()
+{
+    \$_SERVER['argv'];
+}
+EOT;
+
+$tester = new FPM\Tester($cfg, $code);
+$tester->start();
+$tester->expectLogStartNotices();
+$response = $tester->request();
+echo "=====", PHP_EOL;
+$response->printBody();
+echo "=====", PHP_EOL;
+$tester->terminate();
+$tester->close();
+
+?>
+Done
+--EXPECTF--
+=====
+Deprecated: Deriving $_SERVER['argv'] from the query string is deprecated. Configure register_argc_argv=0 to turn this message off in %s on line %d
+bool(false)
+bool(true)
+string(4) "test"
+bool(false)
+bool(false)
+string(2) "dt"
+string(2) "dt"
+=====
+Done
+--CLEAN--
+<?php
+require_once "tester.inc";
+FPM\Tester::clean();
+?>

sapi/fpm/tests/bug75712-getenv-server-vars.phpt → sapi/fpm/tests/bug75712-getenv-server-vars_002.phpt

@@ -1,5 +1,5 @@
 --TEST--
-FPM: bug75712 - getenv should not read from $_ENV and $_SERVER
+FPM: bug75712 - getenv should not read from $_ENV and $_SERVER (register_argc_argv=off)
 --SKIPIF--
 <?php include "skipif.inc"; ?>
 --FILE--
@@ -15,7 +15,7 @@ listen = {{ADDR}}
 pm = static
 pm.max_children = 1
 env[TEST] = test
-php_value[register_argc_argv] = on
+php_value[register_argc_argv] = off
 EOT;
 
 $code = <<<EOT

sapi/phpdbg/phpdbg.c

@@ -982,7 +982,6 @@ static const opt_struct OPTIONS[] = { /* {{{ */
 
 const char phpdbg_ini_hardcoded[] =
 "html_errors=Off\n"
-"register_argc_argv=On\n"
 "implicit_flush=On\n"
 "display_errors=Off\n"
 "log_errors=On\n"

tests/basic/011.phpt

@@ -18,7 +18,8 @@ for ($i=0; $i<$argc; $i++) {
 }
 
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: Deriving $_SERVER['argv'] from the query string is deprecated. Configure register_argc_argv=0 to turn this message off in %s on line %d
 0: ab
 1: cd
 2: ef

tests/basic/011_empty_query.phpt

@@ -0,0 +1,20 @@
+--TEST--
+Testing $argc and $argv handling (GET empty)
+--SKIPIF--
+<?php
+    if(substr(PHP_OS, 0, 3) == 'WIN') die("skip on windows: --INI-- is ignored due to 4b9cd27ff5c0177dcb160caeae1ea79e761ada58");
+?>
+--INI--
+register_argc_argv=1
+--CGI--
+--FILE--
+<?php
+
+var_dump($_SERVER['argc'], $_SERVER['argv']);
+
+?>
+--EXPECTF--
+Deprecated: Deriving $_SERVER['argv'] from the query string is deprecated. Configure register_argc_argv=0 to turn this message off in %s on line %d
+int(0)
+array(0) {
+}