ext/spl: ArrayObject no longer accepts arbitrary Iterators during unserialization (#22090)

This aligns the behaviour with the constructor of ArrayObject.

Author: arshidkv12

ext/spl/spl_array.c

@@ -1482,9 +1482,9 @@ PHP_METHOD(ArrayObject, __unserialize)
 			RETURN_THROWS();
 		}
 
-		if (!instanceof_function(ce, zend_ce_iterator)) {
+		if (!instanceof_function(ce, spl_ce_ArrayIterator)) {
 			zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0,
-				"Cannot deserialize ArrayObject with iterator class '%s'; this class does not implement the Iterator interface",
+				"Cannot deserialize ArrayObject with iterator class '%s'; this class is not derived from ArrayIterator",
 				ZSTR_VAL(Z_STR_P(iterator_class_zv)));
 			RETURN_THROWS();
 		}

ext/spl/tests/GH-22047.phpt

@@ -0,0 +1,19 @@
+--TEST--
+GH-22047: ArrayObject invalid iterator class in serialized payload
+--FILE--
+<?php
+
+$payload = 'O:11:"ArrayObject":4:{i:0;i:0;i:1;a:2:{i:4;d:0.0;i:1;b:1;}i:2;a:0:{}i:3;s:12:"GlobIterator";}';
+
+try {
+    $obj = unserialize($payload);
+    foreach ($obj as $k => $v) {
+        echo "should not reach here\n";
+    }
+} catch (UnexpectedValueException $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECTF--
+Cannot deserialize ArrayObject with iterator class 'GlobIterator'; this class is not derived from ArrayIterator

ext/spl/tests/unserialize_errors.phpt

@@ -144,7 +144,7 @@ Incomplete or ill-typed serialization data
 Passed variable is not an array or object
 Incomplete or ill-typed serialization data
 Cannot deserialize ArrayObject with iterator class 'NonExistent'; no such class exists
-Cannot deserialize ArrayObject with iterator class 'Existent'; this class does not implement the Iterator interface
+Cannot deserialize ArrayObject with iterator class 'Existent'; this class is not derived from ArrayIterator
 ArrayIterator:
 Incomplete or ill-typed serialization data
 Incomplete or ill-typed serialization data