From d9d58c9d79a2fce949e4a8bdd5f02e02af017ca8 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Tue, 29 Apr 2025 22:48:16 +0100
Subject: [PATCH] Revert "Fixed GH-18458: `Authorization` set with
 CURLOPT_USERPWD with NULL value."

This reverts commit bb431f124c95b9ba003f15df1ad6fbbe768ec7c8.
---
 ext/curl/interface.c        | 18 +-----------------
 ext/curl/tests/gh18458.phpt | 20 --------------------
 2 files changed, 1 insertion(+), 37 deletions(-)
 delete mode 100644 ext/curl/tests/gh18458.phpt

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index dd4e0db3d77..fe647dbafd4 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1900,6 +1900,7 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
 		case CURLOPT_SSLKEYTYPE:
 		case CURLOPT_SSL_CIPHER_LIST:
 		case CURLOPT_USERAGENT:
+		case CURLOPT_USERPWD:
 		case CURLOPT_COOKIELIST:
 		case CURLOPT_FTP_ALTERNATIVE_TO_USER:
 		case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5:
@@ -1997,23 +1998,6 @@ static zend_result _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue
 			return ret;
 		}
 
-		case CURLOPT_USERPWD:
-		{
-			if (Z_ISNULL_P(zvalue)) {
-				// Authorization header would be implictly set
-				// with an empty string thus we explictly set the option
-				// to null to avoid this unwarranted side effect
-				error = curl_easy_setopt(ch->cp, option, NULL);
-			} else {
-				zend_string *tmp_str;
-				zend_string *str = zval_get_tmp_string(zvalue, &tmp_str);
-				zend_result ret = php_curl_option_str(ch, option, ZSTR_VAL(str), ZSTR_LEN(str));
-				zend_tmp_string_release(tmp_str);
-				return ret;
-			}
-			break;
-		}
-
 		/* Curl nullable string options */
 		case CURLOPT_CUSTOMREQUEST:
 		case CURLOPT_FTPPORT:
diff --git a/ext/curl/tests/gh18458.phpt b/ext/curl/tests/gh18458.phpt
deleted file mode 100644
index 34be6797e48..00000000000
--- a/ext/curl/tests/gh18458.phpt
+++ /dev/null
@@ -1,20 +0,0 @@
---TEST--
-GH-18458 authorization header is set despite CURLOPT_USERPWD set to null
---EXTENSIONS--
-curl
---SKIPIF--
-<?php
-include 'skipif-nocaddy.inc';
-?>
---FILE--
-<?php
-
-$ch = curl_init("https://localhost/userpwd");
-curl_setopt($ch, CURLOPT_USERPWD, null);
-curl_setopt($ch, CURLOPT_VERBOSE, true);
-curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-$response = curl_exec($ch);
-var_dump(str_contains($response, "authorization"));
-?>
---EXPECT--
-bool(false)