Commit 2f4a214e5dd for php.net
commit 2f4a214e5dde0a58b0bd12ffe0b8c66a0d47db96
Author: Weilin Du <108666168+LamentXU123@users.noreply.github.com>
Date: Tue May 5 01:19:07 2026 +0800
ext/standard: Reject null bytes in parse_str() (#21942)
diff --git a/NEWS b/NEWS
index 34fbfc5bb38..fe70343e839 100644
--- a/NEWS
+++ b/NEWS
@@ -191,6 +191,8 @@ PHP NEWS
(Weilin Du)
. getenv() and putenv() now raises a ValueError when the first argument
contains null bytes. (Weilin Du)
+ . parse_str() now raises a ValueError when the $string argument contains
+ null bytes. (Weilin Du)
. proc_open() now raises a ValueError when the $cwd argument contains
null bytes. (Weilin Du)
diff --git a/UPGRADING b/UPGRADING
index 3540aee482d..fe44036383d 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -99,6 +99,8 @@ PHP 8.6 UPGRADE NOTES
argument value is passed.
. getenv() and putenv() now raises a ValueError when the first argument
contains null bytes.
+ . parse_str() now raises a ValueError when the $string argument contains
+ null bytes.
. linkinfo() now raises a ValueError when the $path argument is empty.
. pathinfo() now raises a ValueError when an invalid $flag
argument value is passed.
diff --git a/ext/standard/string.c b/ext/standard/string.c
index ef9e66ab53f..89b4e51e6c2 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -5012,7 +5012,7 @@ PHP_FUNCTION(parse_str)
size_t arglen;
ZEND_PARSE_PARAMETERS_START(2, 2)
- Z_PARAM_STRING(arg, arglen)
+ Z_PARAM_PATH(arg, arglen)
Z_PARAM_ZVAL(arrayArg)
ZEND_PARSE_PARAMETERS_END();
diff --git a/ext/standard/tests/strings/parse_str_null_bytes.phpt b/ext/standard/tests/strings/parse_str_null_bytes.phpt
new file mode 100644
index 00000000000..fd0d94bb0fc
--- /dev/null
+++ b/ext/standard/tests/strings/parse_str_null_bytes.phpt
@@ -0,0 +1,14 @@
+--TEST--
+parse_str() rejects null bytes
+--FILE--
+<?php
+
+try {
+ parse_str("a=1\0&b=2", $result);
+} catch (ValueError $e) {
+ echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+parse_str(): Argument #1 ($string) must not contain any null bytes