archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.3' into PHP-8.4

Browse source
This commit is contained in:
David Carlier 2025-05-02 21:32:20 +01:00
commit 351face053
No known key found for this signature in database
GPG key ID: 8486F847B4B94EF1
3 changed files with 44 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
NEWS
View file

@ -2,6 +2,11 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.4.8
- Curl:
. Fixed GH-18460 (curl_easy_setopt with CURLOPT_USERPWD/CURLOPT_USERNAME/
CURLOPT_PASSWORD set the Authorization header when set to NULL).
(David Carlier)
- Date:
. Fixed bug GH-18076 (Since PHP 8, the date_sun_info() function returns
inaccurate sunrise and sunset times, but other calculated times are

9
ext/curl/interface.c
View file

@ -1874,14 +1874,11 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
case CURLOPT_SSLKEYTYPE:
case CURLOPT_SSL_CIPHER_LIST:
case CURLOPT_USERAGENT:
case CURLOPT_USERPWD:
case CURLOPT_COOKIELIST:
case CURLOPT_FTP_ALTERNATIVE_TO_USER:
case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5:
case CURLOPT_PASSWORD:
case CURLOPT_PROXYPASSWORD:
case CURLOPT_PROXYUSERNAME:
case CURLOPT_USERNAME:
case CURLOPT_NOPROXY:
case CURLOPT_SOCKS5_GSSAPI_SERVICE:
case CURLOPT_MAIL_FROM:
@ -1975,6 +1972,12 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
case CURLOPT_HSTS:
#endif
case CURLOPT_KRBLEVEL:
// Authorization header would be implictly set
// with an empty string thus we explictly set the option
// to null to avoid this unwarranted side effect
case CURLOPT_USERPWD:
case CURLOPT_USERNAME:
case CURLOPT_PASSWORD:
{
if (Z_ISNULL_P(zvalue)) {
error = curl_easy_setopt(ch->cp, option, NULL);

33
ext/curl/tests/gh18458.phpt Normal file
View file

@ -0,0 +1,33 @@
--TEST--
GH-18458 (authorization header is set despite CURLOPT_USERPWD set to null)
--EXTENSIONS--
curl
--SKIPIF--
<?php
include 'skipif-nocaddy.inc';
?>
--FILE--
<?php
$ch = curl_init("https://localhost/userpwd");
curl_setopt($ch, CURLOPT_USERPWD, null);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_STDERR, fopen("php://stdout", "w"));
$response = curl_exec($ch);
var_dump(str_contains($response, "authorization"));
$ch = curl_init("https://localhost/username");
curl_setopt($ch, CURLOPT_USERNAME, null);
curl_setopt($ch, CURLOPT_PASSWORD, null);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_STDERR, fopen("php://stdout", "w"));
$response = curl_exec($ch);
var_dump(str_contains($response, "authorization"));
?>
--EXPECTF--
%A
bool(false)
%A
bool(false)