Dev news

Commit 1041a47ed38 for php.net

commit 1041a47ed3822f39c34562b9fa6bb79e122f3072
Author: Gina Peter Banyard <girgias@php.net>
Date:   Fri Feb 6 16:11:36 2026 +0000

    ext/standard: throw ValueError if argument contains null byte in session_module_name()

    And fix error message to use 'must not' rather than 'cannot'

diff --git a/UPGRADING b/UPGRADING
index 8a1c61b9192..b1db9893de6 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -23,6 +23,10 @@ PHP 8.6 UPGRADE NOTES
   . Invalid values now throw in Phar::mungServer() instead of being silently
     ignored.

+- Session:
+  . A ValueError is not thrown if $name is a string containing null bytes in
+    session_module_name().
+
 - Standard:
   . Invalid mode values now throw in array_filter() instead of being silently
     defaulted to 0.
diff --git a/ext/session/session.c b/ext/session/session.c
index 92ed91fbf86..e3e17a37fbf 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1996,9 +1996,8 @@ PHP_FUNCTION(session_name)
 PHP_FUNCTION(session_module_name)
 {
 	zend_string *name = NULL;
-	zend_string *ini_name;

-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S!", &name) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "|P!", &name) == FAILURE) {
 		RETURN_THROWS();
 	}

@@ -2015,7 +2014,7 @@ PHP_FUNCTION(session_module_name)

 	if (name) {
 		if (zend_string_equals_ci(name, ZSTR_KNOWN(ZEND_STR_USER))) {
-			zend_argument_value_error(1, "cannot be \"user\"");
+			zend_argument_value_error(1, "must not be \"user\"");
 			RETURN_THROWS();
 		}
 		if (!_php_find_ps_module(ZSTR_VAL(name))) {
@@ -2029,7 +2028,7 @@ PHP_FUNCTION(session_module_name)
 		}
 		PS(mod_data) = NULL;

-		ini_name = ZSTR_INIT_LITERAL("session.save_handler", false);
+		zend_string *ini_name = ZSTR_INIT_LITERAL("session.save_handler", false);
 		zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
 		zend_string_release_ex(ini_name, false);
 	}
diff --git a/ext/session/tests/bug73100.phpt b/ext/session/tests/bug73100.phpt
index 21e698a14ab..fc998442872 100644
--- a/ext/session/tests/bug73100.phpt
+++ b/ext/session/tests/bug73100.phpt
@@ -24,5 +24,5 @@

 Warning: session_module_name(): Session save handler module cannot be changed when a session is active (started from %s on line %d) in %s on line %d
 bool(true)
-session_module_name(): Argument #1 ($module) cannot be "user"
+session_module_name(): Argument #1 ($module) must not be "user"
 ===DONE===
diff --git a/ext/session/tests/session_module_name_errors.phpt b/ext/session/tests/session_module_name_errors.phpt
new file mode 100644
index 00000000000..f00171e6584
--- /dev/null
+++ b/ext/session/tests/session_module_name_errors.phpt
@@ -0,0 +1,22 @@
+--TEST--
+session_module_name(): errors
+--EXTENSIONS--
+session
+--FILE--
+<?php
+
+try {
+	var_dump(session_module_name("user"));
+} catch (Throwable $e) {
+	echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+try {
+	var_dump(session_module_name("fi\0le"));
+} catch (Throwable $e) {
+	echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+
+?>
+--EXPECT--
+ValueError: session_module_name(): Argument #1 ($module) must not be "user"
+ValueError: session_module_name(): Argument #1 ($module) must not contain any null bytes