Commit 77a97966466 for php.net

commit 77a97966466b65f9c1e40e1f16159443c041a7a0
Merge: 4f35c154c74 fa0e11f185f
Author: Ilia Alshanetsky <ilia@ilia.ws>
Date:   Mon Jun 15 17:26:53 2026 -0400

    Merge branch 'PHP-8.5'

    * PHP-8.5:
      Fix zend_string leak on case-variant duplicate setcookie() options

diff --cc ext/standard/head.c
index 03f2e6189ee,28bac59e48d..773b6919b78
--- a/ext/standard/head.c
+++ b/ext/standard/head.c
@@@ -218,17 -209,26 +218,26 @@@ static zend_result php_head_parse_cooki
  		if (zend_string_equals_literal_ci(key, "expires")) {
  			*expires = zval_get_long(value);
  		} else if (zend_string_equals_literal_ci(key, "path")) {
+ 			if (*path) {
+ 				zend_string_release(*path);
+ 			}
  			*path = zval_get_string(value);
  		} else if (zend_string_equals_literal_ci(key, "domain")) {
+ 			if (*domain) {
+ 				zend_string_release(*domain);
+ 			}
  			*domain = zval_get_string(value);
  		} else if (zend_string_equals_literal_ci(key, "secure")) {
 -			*secure = zval_is_true(value);
 +			*secure = zend_is_true(value);
  		} else if (zend_string_equals_literal_ci(key, "httponly")) {
 -			*httponly = zval_is_true(value);
 +			*httponly = zend_is_true(value);
  		} else if (zend_string_equals_literal_ci(key, "samesite")) {
+ 			if (*samesite) {
+ 				zend_string_release(*samesite);
+ 			}
  			*samesite = zval_get_string(value);
  		} else if (zend_string_equals_literal_ci(key, "partitioned")) {
 -			*partitioned = zval_is_true(value);
 +			*partitioned = zend_is_true(value);
  		} else {
  			zend_value_error("%s(): option \"%s\" is invalid", get_active_function_name(), ZSTR_VAL(key));
  			return FAILURE;