Merge branch 'PHP-8.4' into PHP-8.5

* PHP-8.4: Fix GH-20435: SensitiveParameter doesn't work for named argument passing to variadic parameter Fix GH-20442: Phar does not respect case-insensitiveness of __halt_compiler() when reading stub
2026-03-24 00:02:20 +01:00 · 2025-11-10 22:44:16 +01:00
parent a0b918d3ee 3e715d3361
commit 5087cf3001
6 changed files with 62 additions and 34 deletions
--- a/6
+++ b/6
@@ -4,6 +4,8 @@ PHP                                                                        NEWS

 - Core:
  . Sync all boost.context files with release 1.86.0. (mvorisek)
+  . Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument
+    passing to variadic parameter). (ndossche)

 - Standard:
  . Fix memory leak in array_diff() with custom type checks. (ndossche)
@@ -12,6 +14,10 @@ PHP                                                                        NEWS
  . Fixed bug GH-20329 (opcache.file_cache broken with full interned string
    buffer). (Arnaud)

+- Phar:
+  . Fixed bug GH-20442 (Phar does not respect case-insensitiveness of
+    __halt_compiler() when reading stub). (ndossche, TimWolla)
+
 06 Nov 2025, PHP 8.5.0RC4

 - Core:
--- a/Zend/tests/function_arguments/gh20435.phpt
+++ b/Zend/tests/function_arguments/gh20435.phpt
@@ -0,0 +1,14 @@
+--TEST--
+GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter)
+--FILE--
+<?php
+
+function test($a, #[\SensitiveParameter] ...$x) {
+	debug_print_backtrace();
+}
+
+test(b: 1, a: 2, c: 3);
+
+?>
+--EXPECTF--
+#0 %s(%d): test(2, b: Object(SensitiveParameterValue), c: Object(SensitiveParameterValue))
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -1856,11 +1856,29 @@ static void debug_backtrace_get_args(zend_execute_data *call, zval *arg_array) /
 	if (ZEND_CALL_INFO(call) & ZEND_CALL_HAS_EXTRA_NAMED_PARAMS) {
 		zend_string *name;
 		zval *arg;
+
+		ZEND_ASSERT(call->func->common.fn_flags & ZEND_ACC_VARIADIC);
+
+		zend_attribute *attribute = zend_get_parameter_attribute_str(
+			call->func->common.attributes,
+			"sensitiveparameter",
+			sizeof("sensitiveparameter") - 1,
+			call->func->common.num_args
+		);
+		bool is_sensitive = attribute != NULL;
+
 		SEPARATE_ARRAY(arg_array);
 		ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(call->extra_named_params, name, arg) {
 			ZVAL_DEREF(arg);
-			Z_TRY_ADDREF_P(arg);
-			zend_hash_add_new(Z_ARRVAL_P(arg_array), name, arg);
+			if (is_sensitive) {
+				zval redacted_arg;
+				object_init_ex(&redacted_arg, zend_ce_sensitive_parameter_value);
+				zend_call_method_with_1_params(Z_OBJ_P(&redacted_arg), zend_ce_sensitive_parameter_value, &zend_ce_sensitive_parameter_value->constructor, "__construct", NULL, arg);
+				zend_hash_add_new(Z_ARRVAL_P(arg_array), name, &redacted_arg);
+			} else {
+				Z_TRY_ADDREF_P(arg);
+				zend_hash_add_new(Z_ARRVAL_P(arg_array), name, arg);
+			}
 		} ZEND_HASH_FOREACH_END();
 	}
 }
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1600,35 +1600,6 @@ zend_result phar_open_from_filename(char *fname, size_t fname_len, char *alias,
 }
 /* }}}*/

-static inline char *phar_strnstr(const char *buf, size_t buf_len, const char *search, size_t search_len) /* {{{ */
-{
-	const char *c;
-	ptrdiff_t so_far = 0;
-
-	if (buf_len < search_len) {
-		return NULL;
-	}
-
-	c = buf - 1;
-
-	do {
-		if (!(c = memchr(c + 1, search[0], buf_len - search_len - so_far))) {
-			return (char *) NULL;
-		}
-
-		so_far = c - buf;
-
-		if (so_far >= (buf_len - search_len)) {
-			return (char *) NULL;
-		}
-
-		if (!memcmp(c, search, search_len)) {
-			return (char *) c;
-		}
-	} while (1);
-}
-/* }}} */
-
 /**
 * Scan an open fp for the required __HALT_COMPILER(); ?> token and verify
 * that the manifest is proper, then pass it to phar_parse_pharfile().  SUCCESS
@@ -1640,7 +1611,8 @@ static zend_result phar_open_from_fp(php_stream* fp, char *fname, size_t fname_l
 	static const char zip_magic[] = "PK\x03\x04";
 	static const char gz_magic[] = "\x1f\x8b\x08";
 	static const char bz_magic[] = "BZh";
-	char *pos, test = '\0';
+	const char *pos;
+	char test = '\0';
 	int recursion_count = 3; // arbitrary limit to avoid too deep or even infinite recursion
 	const int window_size = 1024;
 	char buffer[1024 + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */
@@ -1789,14 +1761,14 @@ static zend_result phar_open_from_fp(php_stream* fp, char *fname, size_t fname_l
 			}

 			if (got >= 512) {
-				if (phar_is_tar(pos, fname)) {
+				if (phar_is_tar((char *) pos, fname)) { /* TODO: fix const correctness */
 					php_stream_rewind(fp);
 					return phar_parse_tarfile(fp, fname, fname_len, alias, alias_len, pphar, compression, error);
 				}
 			}
 		}

-		if (got > 0 && (pos = phar_strnstr(buffer, got + sizeof(token), token, sizeof(token)-1)) != NULL) {
+		if (got > 0 && (pos = php_memnistr(buffer, token, tokenlen, buffer + got + sizeof(token))) != NULL) {
 			halt_offset += (pos - buffer); /* no -tokenlen+tokenlen here */
 			return phar_parse_pharfile(fp, fname, fname_len, alias, alias_len, halt_offset, pphar, compression, error);
 		}
--- a/ext/phar/tests/files/gh20442.phar
+++ b/ext/phar/tests/files/gh20442.phar
--- a/ext/phar/tests/gh20442.phpt
+++ b/ext/phar/tests/gh20442.phpt
@@ -0,0 +1,18 @@
+--TEST--
+GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub)
+--EXTENSIONS--
+phar
+--FILE--
+<?php
+
+$phar = new Phar(__DIR__.'/files/gh20442.phar');
+var_dump($phar->count());
+var_dump($phar->getStub());
+
+?>
+--EXPECT--
+int(1)
+string(50) "<?php
+echo "Hello World!";
+__halt_compiler(); ?>
+"