From 4a58cf36710b6a75f6278c5526e8cb68850d53b7 Mon Sep 17 00:00:00 2001
From: Ayesh Karunaratne <ayesh@aye.sh>
Date: Fri, 19 Sep 2025 17:42:08 +0700
Subject: [PATCH 1/4] CI: update `push.yml` `ignore-paths` to use YAML anchors
 aliases

GitHub Actions now supports YAML anchors and aliases[^1], so the
workflows can use them to avoid repeating lists.

[^1]: https://docs.github.com/en/actions/reference/workflows-and-actions/reusing-workflow-configurations#yaml-anchors-and-aliases

Closes #19882
---
 .github/workflows/push.yml | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 47001d85bb3a2..b3dc70d042eff 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -1,7 +1,7 @@
 name: Push
 on:
   push:
-    paths-ignore:
+    paths-ignore: &ignore_paths
       - docs/**
       - NEWS
       - UPGRADING
@@ -18,16 +18,7 @@ on:
       - PHP-8.4
       - master
   pull_request:
-    paths-ignore:
-      - docs/**
-      - NEWS
-      - UPGRADING
-      - UPGRADING.INTERNALS
-      - '**/README.*'
-      - CONTRIBUTING.md
-      - CODING_STANDARDS.md
-      - .cirrus.yml
-      - .circleci/**
+    paths-ignore: *ignore_paths
     branches:
       - '**'
   workflow_dispatch: ~

From e408bcafb245b6e598fe656564aa6fd97414dec2 Mon Sep 17 00:00:00 2001
From: Shivam Mathur <shivam_jpr@hotmail.com>
Date: Fri, 19 Sep 2025 17:32:34 +0530
Subject: [PATCH 2/4] Fix early exit condition in phpize.bat (#19886)

---
 win32/build/phpize.bat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/win32/build/phpize.bat b/win32/build/phpize.bat
index 57467d34231d0..a591d3f476443 100644
--- a/win32/build/phpize.bat
+++ b/win32/build/phpize.bat
@@ -1,7 +1,7 @@
 @echo off
 SET PHP_BUILDCONF_PATH=%~dp0
 cscript /nologo /e:jscript %PHP_BUILDCONF_PATH%\script\phpize.js %*
-IF ERRORLEVEL 0 exit /b 3
+IF %ERRORLEVEL% NEQ 0 exit /b 3
 IF NOT EXIST configure.bat (
 	echo Error generating configure script, configure script was not copied
 	exit /b 3

From 7a1bb711272540acc880215c51d818cd0c4f61b4 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 15 Aug 2025 11:06:53 +0200
Subject: [PATCH 3/4] Fix GH-19480: error_log php.ini cannot be unset when
 open_basedir is configured

Since the ini message handlers already check for basedir, we need to
drop the basedir check from ini_set. Then we also fix the exceptional
case for the empty string: it should bypass the basedir check.
Furthermore, there was a regression introduced with the error_log
"syslog" check in ddfe269a (inverted check), so we fix that as well.

Closes GH-19487
---
 NEWS                                         |  2 ++
 ext/standard/basic_functions.c               |  4 +---
 main/main.c                                  | 12 +++++++-----
 tests/security/error_log_special_values.phpt | 13 +++++++++++++
 4 files changed, 23 insertions(+), 8 deletions(-)
 create mode 100644 tests/security/error_log_special_values.phpt

diff --git a/NEWS b/NEWS
index b3cdd047e509f..ace911f500c44 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ PHP                                                                        NEWS
     closures can cause a crash). (nielsdos, Arnaud, Bob)
   . Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland
     array). (ilutov)
+  . Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is
+    configured). (nielsdos)
 
 - Date:
   . Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index d2a99fccc95fe..02b63beb59d03 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -2037,10 +2037,8 @@ PHP_FUNCTION(ini_set)
 #define _CHECK_PATH(var, var_len, ini) php_ini_check_path(var, var_len, ini, sizeof(ini))
 	/* open basedir check */
 	if (PG(open_basedir)) {
-		if (_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "error_log") ||
-			_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "java.class.path") ||
+		if (_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "java.class.path") ||
 			_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "java.home") ||
-			_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "mail.log") ||
 			_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "java.library.path") ||
 			_CHECK_PATH(ZSTR_VAL(varname), ZSTR_LEN(varname), "vpopmail.directory")) {
 			if (php_check_open_basedir(ZSTR_VAL(new_value_str))) {
diff --git a/main/main.c b/main/main.c
index 60e970b76ad76..e7797a4f89e4a 100644
--- a/main/main.c
+++ b/main/main.c
@@ -625,12 +625,13 @@ static PHP_INI_MH(OnUpdateErrorLog)
 {
 	/* Only do the safemode/open_basedir check at runtime */
 	if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) &&
-			new_value && zend_string_equals_literal(new_value, "syslog")) {
+			new_value && !zend_string_equals_literal(new_value, "syslog") && ZSTR_LEN(new_value) > 0) {
 		if (PG(open_basedir) && php_check_open_basedir(ZSTR_VAL(new_value))) {
 			return FAILURE;
 		}
 	}
-	OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
+	char **p = (char **) ZEND_INI_GET_ADDR();
+	*p = new_value && ZSTR_LEN(new_value) > 0 ? ZSTR_VAL(new_value) : NULL;
 	return SUCCESS;
 }
 /* }}} */
@@ -638,13 +639,14 @@ static PHP_INI_MH(OnUpdateErrorLog)
 /* {{{ PHP_INI_MH */
 static PHP_INI_MH(OnUpdateMailLog)
 {
-	/* Only do the safemode/open_basedir check at runtime */
-	if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && new_value) {
+	/* Only do the open_basedir check at runtime */
+	if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && new_value && ZSTR_LEN(new_value) > 0) {
 		if (PG(open_basedir) && php_check_open_basedir(ZSTR_VAL(new_value))) {
 			return FAILURE;
 		}
 	}
-	OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
+	char **p = (char **) ZEND_INI_GET_ADDR();
+	*p = new_value && ZSTR_LEN(new_value) > 0 ? ZSTR_VAL(new_value) : NULL;
 	return SUCCESS;
 }
 /* }}} */
diff --git a/tests/security/error_log_special_values.phpt b/tests/security/error_log_special_values.phpt
new file mode 100644
index 0000000000000..949adb5e2538a
--- /dev/null
+++ b/tests/security/error_log_special_values.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Setting error_log to special values with open_basedir enabled
+--INI--
+open_basedir=foo
+error_log=
+--FILE--
+<?php
+var_dump(ini_set("error_log", "syslog"));
+var_dump(ini_set("error_log", ""));
+?>
+--EXPECT--
+string(0) ""
+string(6) "syslog"

From 41538c9ff4c78f547a167013f53d56cc060e6187 Mon Sep 17 00:00:00 2001
From: Arnaud Le Blanc <arnaud.lb@gmail.com>
Date: Fri, 19 Sep 2025 19:02:49 +0200
Subject: [PATCH 4/4] NEWS

---
 NEWS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/NEWS b/NEWS
index cdabc59a8f836..6bd00000a1000 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,8 @@ PHP                                                                        NEWS
     array). (ilutov)
   . Fixed bug GH-19823 (register_argc_argv deprecation emitted twice when
     using OPcache). (timwolla)
+  . Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is
+    configured). (nielsdos)
 
 - Curl:
   . Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead