Merge branch 'PHP-8.2'

iluuu1994 · iluuu1994 · commit 3ad2cc7598dd · 2022-09-22T11:38:24.000+02:00
* PHP-8.2:
  PS(mod_user_class_name) must not leak into next request
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -142,6 +142,11 @@ static inline void php_rshutdown_session_globals(void) /* {{{ */
 		PS(session_vars) = NULL;
 	}
 
+	if (PS(mod_user_class_name)) {
+		zend_string_release(PS(mod_user_class_name));
+		PS(mod_user_class_name) = NULL;
+	}
+
 	/* User save handlers may end up directly here by misuse, bugs in user script, etc. */
 	/* Set session status to prevent error while restoring save handler INI value. */
 	PS(session_status) = php_session_none;
diff --git a/ext/session/tests/gh9584.phpt b/ext/session/tests/gh9584.phpt
@@ -0,0 +1,55 @@
+--TEST--
+GH-9584: PS(mod_user_class_name) must not leak into next request
+--EXTENSIONS--
+session
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+class MySessionHandler extends SessionHandler implements SessionUpdateTimestampHandlerInterface
+{
+    public function open($path, $sessname): bool {
+        return true;
+    }
+
+    public function close(): bool {
+        return true;
+    }
+
+    public function read($sessid): string|false {
+        return 'foo|s:3:"foo";';
+    }
+
+    public function write($sessid, $sessdata): bool {
+        return false;
+    }
+
+    public function destroy($sessid): bool {
+        return true;
+    }
+
+    public function gc($maxlifetime): int|false {
+        return true;
+    }
+
+    public function create_sid(): string {
+        return sha1(random_bytes(32));
+    }
+
+    public function validateId($sid): bool {
+        return true;
+    }
+
+    public function updateTimestamp($sessid, $sessdata): bool {
+        return false;
+    }
+}
+
+$handler = new MySessionHandler();
+session_set_save_handler($handler);
+
+?>
+===DONE===
+--EXPECT--
+===DONE===
