From 3b609a14e552da385a7ac004429ed138fff00dac Mon Sep 17 00:00:00 2001
From: Arshid <arshidkv12@gmail.com>
Date: Tue, 24 Feb 2026 02:02:14 +0530
Subject: [PATCH 1/3] Zend: Replace RETVAL_TRUE/RETVAL_FALSE with RETVAL_BOOL
 (#21277)

---
 Zend/zend_builtin_functions.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index 09d8793fd56e..355e562489d8 100644
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -2228,11 +2228,7 @@ ZEND_FUNCTION(extension_loaded)
 	}
 
 	lcname = zend_string_tolower(extension_name);
-	if (zend_hash_exists(&module_registry, lcname)) {
-		RETVAL_TRUE;
-	} else {
-		RETVAL_FALSE;
-	}
+	RETVAL_BOOL(zend_hash_exists(&module_registry, lcname));
 	zend_string_release_ex(lcname, 0);
 }
 /* }}} */

From aa44392dfc0493baa4ce9619aa304825bb7c66d8 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Fri, 20 Feb 2026 13:05:39 +0000
Subject: [PATCH 2/3] Fix GH-21262: ldap_modify() too strict controls argument
 validation.

make it impossible to unset an attribute.

close GH-21263
---
 NEWS                        |  4 +++
 ext/ldap/ldap.c             | 11 +++++---
 ext/ldap/tests/gh21262.phpt | 50 +++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 ext/ldap/tests/gh21262.phpt

diff --git a/NEWS b/NEWS
index 3e86ad6eb631..efa26ba5e2b3 100644
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-21097 (Accessing Dom\Node properties can can throw TypeError).
     (ndossche)
 
+- LDAP:
+  . Fixed bug GH-21262 (ldap_modify() too strict controls argument validation
+    makes it impossible to unset attribute). (David Carlier)
+
 - MBString:
   . Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge
     list of candidate encodings (with 200,000+ entries). (Jordi Kroon)
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 86ac58c5273c..40d936bc4222 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -2339,9 +2339,14 @@ static void php_ldap_do_modify(INTERNAL_FUNCTION_PARAMETERS, int oper, bool ext)
 			SEPARATE_ARRAY(attribute_values);
 			uint32_t num_values = zend_hash_num_elements(Z_ARRVAL_P(attribute_values));
 			if (num_values == 0) {
-				zend_argument_value_error(3, "attribute \"%s\" must be a non-empty list of attribute values", ZSTR_VAL(attribute));
-				RETVAL_FALSE;
-				goto cleanup;
+				if (UNEXPECTED(oper == LDAP_MOD_ADD)) {
+					zend_argument_value_error(3, "attribute \"%s\" must be a non-empty list of attribute values", ZSTR_VAL(attribute));
+					RETVAL_FALSE;
+					goto cleanup;
+				}
+				/* When we modify, we mean we delete the attribute */
+				attribute_index++;
+				continue;
 			}
 			if (!php_ldap_is_numerically_indexed_array(Z_ARRVAL_P(attribute_values))) {
 				zend_argument_value_error(3, "attribute \"%s\" must be an array of attribute values with numeric keys", ZSTR_VAL(attribute));
diff --git a/ext/ldap/tests/gh21262.phpt b/ext/ldap/tests/gh21262.phpt
new file mode 100644
index 000000000000..3e414a9cbb12
--- /dev/null
+++ b/ext/ldap/tests/gh21262.phpt
@@ -0,0 +1,50 @@
+--TEST--
+GH-21262 (ldap_modify() too strict controls argument validation)
+--EXTENSIONS--
+ldap
+--FILE--
+<?php
+/* We are assuming 3333 is not connectable */
+$ldap = ldap_connect('ldap://127.0.0.1:3333');
+$valid_dn = "cn=userA,something";
+
+$entry_with_empty_array = [
+	'attribute1' => 'value',
+	'attribute2' => [],
+];
+
+// ldap_add() should still reject empty arrays
+try {
+	ldap_add($ldap, $valid_dn, $entry_with_empty_array);
+} catch (ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+
+// ldap_mod_add() should still reject empty arrays
+try {
+	ldap_mod_add($ldap, $valid_dn, $entry_with_empty_array);
+} catch (ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+
+// ldap_modify() should accept empty arrays (delete attribute)
+try {
+	@ldap_modify($ldap, $valid_dn, $entry_with_empty_array);
+	echo "ldap_modify: no ValueError thrown", PHP_EOL;
+} catch (ValueError $e) {
+	echo "ldap_modify: UNEXPECTED ValueError: ", $e->getMessage(), PHP_EOL;
+}
+
+// ldap_mod_del() should accept empty arrays (delete attribute)
+try {
+	@ldap_mod_del($ldap, $valid_dn, $entry_with_empty_array);
+	echo "ldap_mod_del: no ValueError thrown", PHP_EOL;
+} catch (ValueError $e) {
+	echo "ldap_mod_del: UNEXPECTED ValueError: ", $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+ldap_add(): Argument #3 ($entry) attribute "attribute2" must be a non-empty list of attribute values
+ldap_mod_add(): Argument #3 ($entry) attribute "attribute2" must be a non-empty list of attribute values
+ldap_modify: no ValueError thrown
+ldap_mod_del: no ValueError thrown

From 296fad10fb4e1a572ec05269bc798f68cddc72fa Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Thu, 19 Feb 2026 20:07:44 +0000
Subject: [PATCH 3/3] ext/pcntl: fix pcntl_signal_dispatch() stale tail pointer
 and exception handling.

close GH-21259
---
 NEWS                                          |  2 ++
 ext/pcntl/pcntl.c                             | 12 +++++++
 .../pcntl_signal_dispatch_exception.phpt      | 34 +++++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 ext/pcntl/tests/pcntl_signal_dispatch_exception.phpt

diff --git a/NEWS b/NEWS
index 6a1388a961c5..28187bd8590e 100644
--- a/NEWS
+++ b/NEWS
@@ -50,6 +50,8 @@ PHP                                                                        NEWS
     on NetBSD/Solaris platforms. (David Carlier)
   . Fixed pcntl_signal() signal table registering the callback first
     OS-wise before the internal list. (David Carlier)
+  . Fixed pcntl_signal_dispatch() stale pointer and exception
+    handling. (David Carlier)
 
 - PDO_PGSQL:
   . Fixed bug GH-21055 (connection attribute status typo for GSS negotiation).
diff --git a/ext/pcntl/pcntl.c b/ext/pcntl/pcntl.c
index de8d7dfecfd7..082bdc4ba90e 100644
--- a/ext/pcntl/pcntl.c
+++ b/ext/pcntl/pcntl.c
@@ -1343,6 +1343,7 @@ void pcntl_signal_dispatch(void)
 
 	queue = PCNTL_G(head);
 	PCNTL_G(head) = NULL; /* simple stores are atomic */
+	PCNTL_G(tail) = NULL;
 
 	/* Allocate */
 	while (queue) {
@@ -1364,6 +1365,9 @@ void pcntl_signal_dispatch(void)
 #ifdef HAVE_STRUCT_SIGINFO_T
 				zval_ptr_dtor(&params[1]);
 #endif
+				if (EG(exception)) {
+					break;
+				}
 			}
 		}
 
@@ -1373,6 +1377,14 @@ void pcntl_signal_dispatch(void)
 		queue = next;
 	}
 
+	/* drain the remaining in case of exception thrown */
+	while (queue) {
+		next = queue->next;
+		queue->next = PCNTL_G(spares);
+		PCNTL_G(spares) = queue;
+		queue = next;
+	}
+
 	PCNTL_G(pending_signals) = 0;
 
 	/* Re-enable queue */
diff --git a/ext/pcntl/tests/pcntl_signal_dispatch_exception.phpt b/ext/pcntl/tests/pcntl_signal_dispatch_exception.phpt
new file mode 100644
index 000000000000..06c4f827c6ef
--- /dev/null
+++ b/ext/pcntl/tests/pcntl_signal_dispatch_exception.phpt
@@ -0,0 +1,34 @@
+--TEST--
+pcntl_signal_dispatch() stops dispatching after handler throws exception
+--EXTENSIONS--
+pcntl
+posix
+--FILE--
+<?php
+
+$called = [];
+
+pcntl_signal(SIGUSR1, function ($signo) use (&$called) {
+    $called[] = 'SIGUSR1';
+    throw new \Exception('Exception in signal handler');
+});
+
+pcntl_signal(SIGUSR2, function ($signo) use (&$called) {
+    $called[] = 'SIGUSR2';
+});
+
+posix_kill(posix_getpid(), SIGUSR1);
+posix_kill(posix_getpid(), SIGUSR2);
+
+try {
+    pcntl_signal_dispatch();
+} catch (\Exception $e) {
+    echo $e->getMessage() . "\n";
+}
+
+echo "Handlers called: " . implode(', ', $called) . "\n";
+
+?>
+--EXPECT--
+Exception in signal handler
+Handlers called: SIGUSR1