Skip to content

[pull] master from php:master#826

Merged
pull[bot] merged 10 commits into
dolfly:masterfrom
php:master
Jun 15, 2026
Merged

[pull] master from php:master#826
pull[bot] merged 10 commits into
dolfly:masterfrom
php:master

Conversation

@pull

@pull pull Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

devnexen and others added 10 commits June 15, 2026 18:04
@devnexen
ext/soap: ignore empty SOAPAction header during server dispatch.
a9987fa 
Fix #22285

Since 8.5 SoapServer::handle() uses the HTTP SOAPAction header to select
the operation, falling back to the request body otherwise. An empty
header made every request match the first WSDL operation. Skip empty
SOAPAction headers so dispatch falls back to body inspection.

close GH-22304
@devnexen
Merge branch 'PHP-8.5'
de9472d 
* PHP-8.5:
  ext/soap: ignore empty SOAPAction header during server dispatch.
@devnexen
ext/openssl: openssl_encrypt() zend mm heap overflow on AES-WRAP-PAD …
1692268 
…mode.

Fix #22186

close GH-22187
@devnexen
Merge branch 'PHP-8.4' into PHP-8.5
ddbf829 
* PHP-8.4:
  ext/openssl: openssl_encrypt() zend mm heap overflow on AES-WRAP-PAD mode.
@devnexen
Merge branch 'PHP-8.5'
61c4449 
* PHP-8.5:
  ext/openssl: openssl_encrypt() zend mm heap overflow on AES-WRAP-PAD mode.
@iliaal
Fix SplObjectStorage getHash() guard leaking across a bailout
4f35c15 
The getHash() recursion guard increments a request-persistent counter
around the userland getHash() call but decrements it only on the normal
return path. A bailout inside an overridden getHash() (out-of-memory,
timeout, or any fatal) skips the decrement, and the counter is never
reset per request, so on a persistent SAPI every later request on the
same worker wrongly throws "Modification of SplObjectStorage during
getHash() is prohibited". Reset the counter in the SPL request init so
each request starts at zero regardless of how the previous one exited.

Closes GH-22308
@iliaal
Fix zend_string leak on case-variant duplicate setcookie() options
0c52780 
php_head_parse_cookie_options_array() matches option keys case
insensitively, but array keys are case sensitive, so a duplicate
differing only in case (e.g. "path" and "Path") overwrote the
previously fetched path/domain/samesite string without releasing it.
Release any value already stored before fetching the next one.

Closes GH-22309
@iliaal
Merge branch 'PHP-8.4' into PHP-8.5
fa0e11f 
* PHP-8.4:
  Fix zend_string leak on case-variant duplicate setcookie() options
@iliaal
Merge branch 'PHP-8.5'
77a9796 
* PHP-8.5:
  Fix zend_string leak on case-variant duplicate setcookie() options
@TimWolla
zend_ast: Always print encaps list variables with braces when exporti…
dee1317 
…ng AST (#22293)

The `"{$foo}"` variant of interpolating variables into a string is the only one
that reliably works all the time. Always use it for simplicity.

Fixes #22291.
@pull pull Bot locked and limited conversation to collaborators Jun 15, 2026
@pull pull Bot added the ⤵️ pull label Jun 15, 2026
@pull pull Bot merged commit dee1317 into dolfly:master Jun 15, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@devnexen @iliaal @TimWolla