Deprecate implicit bool to string coercion

.github/workflows/close-needs-feedback.yml

@@ -6,6 +6,7 @@ on:
 
 jobs:
   build:
+    if: github.repository_owner == 'php'
     runs-on: ubuntu-latest
     steps:
       - name: Close old issues that need feedback

.github/workflows/close-stale-prs.yml

@@ -6,6 +6,7 @@ on:
 
 jobs:
   stale:
+    if: github.repository_owner == 'php'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/stale@v4

.github/workflows/remove-needs-feedback.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   build:
-    if: "contains(github.event.issue.labels.*.name, 'Status: Needs Feedback') && github.event.issue.user.login == github.event.sender.login"
+    if: "github.repository_owner == 'php' && contains(github.event.issue.labels.*.name, 'Status: Needs Feedback') && github.event.issue.user.login == github.event.sender.login"
     runs-on: ubuntu-latest
     steps:
       - uses: actions-ecosystem/action-remove-labels@v1

NEWS

@@ -10,6 +10,7 @@ PHP                                                                        NEWS
 
 - Intl:
   . Update all grandfathered language tags with preferred values
+  . Fixed GH-7939 (Cannot unserialize IntlTimeZone objects). (cmb)
 
 - OCI8:
   . Added oci8.prefetch_lob_size directive to tune LOB query performance

UPGRADING

@@ -126,6 +126,14 @@ PHP 8.2 UPGRADE NOTES
 9. Other Changes to Extensions
 ========================================
 
+- Intl:
+  . IntlBreakIterator, IntlRuleBasedBreakIterator, IntlCodePointBreakIterator,
+    IntlPartsIterator, IntlCalendar, IntlCalendar, Collator, IntlIterator,
+    UConverter, IntlDateFormatter, IntlDatePatternGenerator, MessageFormatter,
+    ResourceBundle, Spoofchecker, IntlTimeZone and Transliterator instances are
+    no longer serializable. Previously, they could be serialized, but
+    unserialization yielded unusable objects or failed.
+
 - OCI8:
   . The minimum Oracle Client library version required is now 11.2.
 

Zend/Optimizer/dfa_pass.c

@@ -1304,6 +1304,7 @@ void zend_dfa_optimize_op_array(zend_op_array *op_array, zend_optimizer_ctx *ctx
 
 				if (src_var >= 0
 				 && !(ssa->var_info[src_var].type & MAY_BE_REF)
+				 && (ssa->var_info[src_var].type & (MAY_BE_UNDEF|MAY_BE_ANY))
 				 && ssa->vars[src_var].definition >= 0
 				 && ssa->ops[ssa->vars[src_var].definition].result_def == src_var
 				 && ssa->ops[ssa->vars[src_var].definition].result_use < 0
@@ -1463,6 +1464,7 @@ void zend_dfa_optimize_op_array(zend_op_array *op_array, zend_optimizer_ctx *ctx
 					if ((opline->op2_type & (IS_TMP_VAR|IS_VAR))
 					 && src_var >= 0
 					 && !(ssa->var_info[src_var].type & MAY_BE_REF)
+					 && (ssa->var_info[src_var].type & (MAY_BE_UNDEF|MAY_BE_ANY))
 					 && ssa->vars[src_var].definition >= 0
 					 && ssa->ops[ssa->vars[src_var].definition].result_def == src_var
 					 && ssa->ops[ssa->vars[src_var].definition].result_use < 0

Zend/tests/017.phpt

@@ -51,6 +51,8 @@ string(5) "array"
 int(%d)
 string(5) "array"
 int(%d)
+
+Deprecated: Implicit bool to string coercion is deprecated in %s on line %d
 bool(false)
 string(5) "array"
 int(%d)

Zend/tests/call_user_func_strict_arginfo_check.phpt

@@ -10,5 +10,6 @@ namespace Foo;
 var_dump(call_user_func('strlen', false));
 
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: Implicit bool to string coercion is deprecated in %s on line %d
 int(0)

Zend/tests/generators/errors/resume_running_generator_error_002.phpt

@@ -0,0 +1,17 @@
+--TEST--
+Memory leak when resume an already running generator
+--FILE--
+<?php
+function gen() {
+    $g = yield;
+    $g->send($g);
+}
+$gen = gen();
+try {
+    $gen->send($gen);
+} catch (Throwable $e) {
+    echo $e->getMessage() . "\n";	
+}
+?>
+--EXPECT--
+Cannot resume an already running generator

Zend/tests/gh8083.phpt

@@ -0,0 +1,22 @@
+--TEST--
+GH-8083 (var_dump() on closure with static variable segfaults)
+--FILE--
+<?php
+
+function func() {
+    static $i;
+}
+
+$x = func(...);
+
+var_dump($x);
+
+?>
+--EXPECT--
+object(Closure)#1 (1) {
+  ["static"]=>
+  array(1) {
+    ["i"]=>
+    NULL
+  }
+}

Zend/tests/type_declarations/scalar_basic.phpt

@@ -197,9 +197,11 @@ string(%d) "%d"
 string(3) "NAN"
 
 *** Trying bool(true)
+E_DEPRECATED: Implicit bool to string coercion is deprecated on line 16
 string(1) "1"
 
 *** Trying bool(false)
+E_DEPRECATED: Implicit bool to string coercion is deprecated on line 16
 string(0) ""
 
 *** Trying NULL

Zend/tests/type_declarations/scalar_return_basic_64bit.phpt

@@ -158,8 +158,10 @@ string(19) "9223372036854775807"
 *** Trying float(NAN)
 string(3) "NAN"
 *** Trying bool(true)
+E_DEPRECATED: Implicit bool to string coercion is deprecated on line 16
 string(1) "1"
 *** Trying bool(false)
+E_DEPRECATED: Implicit bool to string coercion is deprecated on line 16
 string(0) ""
 *** Trying NULL
 *** Caught {closure}(): Return value must be of type string, null returned in %s on line %d

Zend/tests/type_declarations/union_types/type_checking_weak.phpt

@@ -181,8 +181,8 @@ INF              => "INF"
 "42x"            => "42x"
 "x"              => "x"
 ""               => ""
-true             => "1"
-false            => ""
+true             => "1" (Implicit bool to string coercion is deprecated)
+false            => "" (Implicit bool to string coercion is deprecated)
 null             => Argument ... must be of type array|string, null given
 []               => []
 new stdClass     => Argument ... must be of type array|string, stdClass given

Zend/zend_API.c

@@ -652,6 +652,9 @@ ZEND_API bool ZEND_FASTCALL zend_parse_arg_str_weak(zval *arg, zend_string **des
 		if (UNEXPECTED(Z_TYPE_P(arg) == IS_NULL) && !zend_null_arg_deprecated("string", arg_num)) {
 			return 0;
 		}
+		if (UNEXPECTED(Z_TYPE_P(arg) == IS_TRUE || Z_TYPE_P(arg) == IS_FALSE)) {
+			zend_error(E_DEPRECATED, "Implicit bool to string coercion is deprecated");
+		}
 		convert_to_string(arg);
 		*dest = Z_STR_P(arg);
 	} else if (UNEXPECTED(Z_TYPE_P(arg) == IS_OBJECT)) {

Zend/zend_generators.c

@@ -938,6 +938,7 @@ ZEND_METHOD(Generator, send)
 	root = zend_generator_get_current(generator);
 	/* Put sent value in the target VAR slot, if it is used */
 	if (root->send_target) {
+		zval_ptr_dtor(root->send_target);
 		ZVAL_COPY(root->send_target, value);
 	}
 

build/gen_stub.php

@@ -1756,7 +1756,7 @@ function (Name $item) {
         }
 
         if ($this->alias) {
-            $code .= "\tzend_register_class_alias(\"" . str_replace("\\", "_", $this->alias) . "\", class_entry);\n";
+            $code .= "\tzend_register_class_alias(\"" . str_replace("\\", "\\\\", $this->alias) . "\", class_entry);\n";
         }
 
         foreach ($this->enumCaseInfos as $enumCase) {

ext/filter/logical_filters.c

@@ -444,10 +444,10 @@ void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 
 	switch (is_numeric_string(num, p - num, &lval, &dval, 0)) {
 		case IS_LONG:
-			zval_ptr_dtor(value);
 			if ((min_range_set && (lval < min_range)) || (max_range_set && (lval > max_range))) {
 				goto error;
 			}
+			zval_ptr_dtor(value);
 			ZVAL_DOUBLE(value, (double)lval);
 			break;
 		case IS_DOUBLE:

ext/filter/tests/bug81708.phpt

@@ -0,0 +1,18 @@
+--TEST--
+Bug #81708 (UAF due to php_filter_float() failing for ints)
+--EXTENSIONS--
+filter
+--INI--
+opcache.enable_cli=0
+--FILE--
+<?php
+$input = "+" . str_repeat("1", 2); // avoid string interning
+filter_var(
+    $input,
+    FILTER_VALIDATE_FLOAT,
+    ["options" => ['min_range' => -1, 'max_range' => 1]]
+);
+var_dump($input);
+?>
+--EXPECT--
+string(3) "+11"

ext/iconv/tests/bug48147.phpt

@@ -20,8 +20,12 @@ bool(false)
 string(10) "aa%C3%B8aa"
 
 Notice: iconv(): Detected an incomplete multibyte character in input string in %s on line %d
+
+Deprecated: Implicit bool to string coercion is deprecated in %s on line %d
 string(0) ""
 string(8) "%C3%B8aa"
 
 Notice: iconv(): Detected an incomplete multibyte character in input string in %s on line %d
+
+Deprecated: Implicit bool to string coercion is deprecated in %s on line %d
 string(0) ""

ext/iconv/tests/iconv_mime_decode.phpt

@@ -70,12 +70,14 @@ do_regression_test();
 (32) "Subject: Prüfung PrüfungkůÔńÓlet"
 (31) "Subject: PrüfungPrüfungkůÔńÓlet"
 2: iconv_mime_decode(): Malformed string
+8192: Implicit bool to string coercion is deprecated
 (0) ""
 (27) "From: サンプル文字列サンプル文字列日本語テキスト"
 (31) "Subject: PrüfungPrüfungkůÔńÓlet"
 (32) "Subject: Prüfung PrüfungkůÔńÓlet"
 (100) "Subject: =?ISO-8859-1?Q?Pr=FCfung?==?ISO-8859-1*de_DE?Q?Pr=FCfung?==?ISO-8859-2?Q?k=F9=D4=F1=D3let?="
 2: iconv_mime_decode(): Malformed string
+8192: Implicit bool to string coercion is deprecated
 (0) ""
 (27) "From: サンプル文字列サンプル文字列日本語テキスト"
 (31) "Subject: PrüfungPrüfungkůÔńÓlet"

ext/intl/breakiterator/breakiterator.stub.php

@@ -2,6 +2,7 @@
 
 /** @generate-class-entries */
 
+/** @not-serializable */
 class IntlBreakIterator implements IteratorAggregate
 {
     /** @tentative-return-type */
@@ -69,6 +70,7 @@ public function setText(string $text): ?bool {} // TODO return false instead of
     public function getIterator(): Iterator {}
 }
 
+/** @not-serializable */
 class IntlRuleBasedBreakIterator extends IntlBreakIterator
 {
     public function __construct(string $rules, bool $compiled = false) {}
@@ -86,6 +88,7 @@ public function getRuleStatus(): int {}
     public function getRuleStatusVec(): array|false {}
 }
 
+/** @not-serializable */
 class IntlCodePointBreakIterator extends IntlBreakIterator
 {
     /** @tentative-return-type */

ext/intl/breakiterator/breakiterator_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 1979da7ee2fa55b27f1c91bb4e0ddc37e8505b08 */
+ * Stub hash: 724e0c36ee113b67906cc9a8cea23781f0a961bf */
 
 ZEND_BEGIN_ARG_WITH_TENTATIVE_RETURN_OBJ_INFO_EX(arginfo_class_IntlBreakIterator_createCharacterInstance, 0, 0, IntlBreakIterator, 1)
 	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, locale, IS_STRING, 1, "null")
@@ -161,6 +161,7 @@ static zend_class_entry *register_class_IntlBreakIterator(zend_class_entry *clas
 
 	INIT_CLASS_ENTRY(ce, "IntlBreakIterator", class_IntlBreakIterator_methods);
 	class_entry = zend_register_internal_class_ex(&ce, NULL);
+	class_entry->ce_flags |= ZEND_ACC_NOT_SERIALIZABLE;
 	zend_class_implements(class_entry, 1, class_entry_IteratorAggregate);
 
 	return class_entry;
@@ -172,6 +173,7 @@ static zend_class_entry *register_class_IntlRuleBasedBreakIterator(zend_class_en
 
 	INIT_CLASS_ENTRY(ce, "IntlRuleBasedBreakIterator", class_IntlRuleBasedBreakIterator_methods);
 	class_entry = zend_register_internal_class_ex(&ce, class_entry_IntlBreakIterator);
+	class_entry->ce_flags |= ZEND_ACC_NOT_SERIALIZABLE;
 
 	return class_entry;
 }
@@ -182,6 +184,7 @@ static zend_class_entry *register_class_IntlCodePointBreakIterator(zend_class_en
 
 	INIT_CLASS_ENTRY(ce, "IntlCodePointBreakIterator", class_IntlCodePointBreakIterator_methods);
 	class_entry = zend_register_internal_class_ex(&ce, class_entry_IntlBreakIterator);
+	class_entry->ce_flags |= ZEND_ACC_NOT_SERIALIZABLE;
 
 	return class_entry;
 }

ext/intl/breakiterator/breakiterator_iterators.stub.php

@@ -2,6 +2,7 @@
 
 /** @generate-class-entries */
 
+/** @not-serializable */
 class IntlPartsIterator extends IntlIterator
 {
     /** @tentative-return-type */

ext/intl/breakiterator/breakiterator_iterators_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 267199a0a3532b5acf1d700f14329cdb2f2db0e1 */
+ * Stub hash: f72f108e37541ac042bb25249ef226211c344189 */
 
 ZEND_BEGIN_ARG_WITH_TENTATIVE_RETURN_OBJ_INFO_EX(arginfo_class_IntlPartsIterator_getBreakIterator, 0, 0, IntlBreakIterator, 0)
 ZEND_END_ARG_INFO()
@@ -24,6 +24,7 @@ static zend_class_entry *register_class_IntlPartsIterator(zend_class_entry *clas
 
 	INIT_CLASS_ENTRY(ce, "IntlPartsIterator", class_IntlPartsIterator_methods);
 	class_entry = zend_register_internal_class_ex(&ce, class_entry_IntlIterator);
+	class_entry->ce_flags |= ZEND_ACC_NOT_SERIALIZABLE;
 
 	return class_entry;
 }

ext/intl/calendar/calendar.stub.php

@@ -2,6 +2,7 @@
 
 /** @generate-class-entries */
 
+/** @not-serializable */
 class IntlCalendar
 {
     private function __construct() {}
@@ -281,6 +282,7 @@ public function setTimeZone($timezone): bool {}
     public function toDateTime(): DateTime|false {}
 }
 
+/** @not-serializable */
 class IntlGregorianCalendar extends IntlCalendar
 {
     /**

ext/intl/calendar/calendar_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 7be0e49d2b898587c4bbefaaf613932ae4786c52 */
+ * Stub hash: 0096dc9e60e2256054d23344e024df1d6527a5fa */
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_class_IntlCalendar___construct, 0, 0, 0)
 ZEND_END_ARG_INFO()
@@ -291,6 +291,7 @@ static zend_class_entry *register_class_IntlCalendar(void)
 
 	INIT_CLASS_ENTRY(ce, "IntlCalendar", class_IntlCalendar_methods);
 	class_entry = zend_register_internal_class_ex(&ce, NULL);
+	class_entry->ce_flags |= ZEND_ACC_NOT_SERIALIZABLE;
 
 	return class_entry;
 }
@@ -301,6 +302,7 @@ static zend_class_entry *register_class_IntlGregorianCalendar(zend_class_entry *
 
 	INIT_CLASS_ENTRY(ce, "IntlGregorianCalendar", class_IntlGregorianCalendar_methods);
 	class_entry = zend_register_internal_class_ex(&ce, class_entry_IntlCalendar);
+	class_entry->ce_flags |= ZEND_ACC_NOT_SERIALIZABLE;
 
 	return class_entry;
 }

ext/intl/collator/collator.stub.php

@@ -2,6 +2,7 @@
 
 /** @generate-class-entries */
 
+/** @not-serializable */
 class Collator
 {
     public function __construct(string $locale) {}

ext/intl/collator/collator_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 4baf9586ab91f37facc865cf1b3aa6a87e5d732d */
+ * Stub hash: c2e08f16cdc3d64e82fc277b4a59250d4b19c84e */
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_class_Collator___construct, 0, 0, 1)
 	ZEND_ARG_TYPE_INFO(0, locale, IS_STRING, 0)
@@ -96,6 +96,7 @@ static zend_class_entry *register_class_Collator(void)
 
 	INIT_CLASS_ENTRY(ce, "Collator", class_Collator_methods);
 	class_entry = zend_register_internal_class_ex(&ce, NULL);
+	class_entry->ce_flags |= ZEND_ACC_NOT_SERIALIZABLE;
 
 	return class_entry;
 }

ext/intl/common/common.stub.php

@@ -2,6 +2,7 @@
 
 /** @generate-class-entries */
 
+/** @not-serializable */
 class IntlIterator implements Iterator
 {
     /** @tentative-return-type */