Commit c4c4948aef2 for php.net

commit c4c4948aef2cd82748d87a35a7b7e90f3c322bcc
Author: Weilin Du <weilindu@php.net>
Date:   Thu Jun 18 22:44:37 2026 +0800

    ext/standard: Reject NUL bytes in `dl()` (#22358)

    Similar to #21942 and #21871. The dl function in the standard extension currently
    silently truncates its argument at the first NUL byte. Now we reject any parameter
    containing NUL byte(s) by throwing a ValueError.

diff --git a/NEWS b/NEWS
index 2bbe43032ec..652c415d526 100644
--- a/NEWS
+++ b/NEWS
@@ -254,6 +254,8 @@ PHP                                                                        NEWS
     (Weilin Du)
   . getenv() and putenv() now raises a ValueError when the first argument
     contains null bytes. (Weilin Du)
+  . dl() now raises a ValueError when the $extension_filename argument
+    contains null bytes. (Weilin Du)
   . parse_str() now raises a ValueError when the $string argument contains
     null bytes. (Weilin Du)
   . proc_open() now raises a ValueError when the $cwd argument contains
diff --git a/UPGRADING b/UPGRADING
index bdadc6efbef..f840340fb7f 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -151,6 +151,8 @@ PHP 8.6 UPGRADE NOTES
     argument value is passed.
   . getenv() and putenv() now raises a ValueError when the first argument
     contains null bytes.
+  . dl() now raises a ValueError when the $extension_filename argument
+    contains null bytes.
   . parse_str() now raises a ValueError when the $string argument contains
     null bytes.
   . linkinfo() now raises a ValueError when the $path argument is empty.
diff --git a/ext/standard/dl.c b/ext/standard/dl.c
index a6d0ced6fa8..ca8ba57a16e 100644
--- a/ext/standard/dl.c
+++ b/ext/standard/dl.c
@@ -43,7 +43,7 @@ PHPAPI PHP_FUNCTION(dl)
 	size_t filename_len;

 	ZEND_PARSE_PARAMETERS_START(1, 1)
-		Z_PARAM_STRING(filename, filename_len)
+		Z_PARAM_PATH(filename, filename_len)
 	ZEND_PARSE_PARAMETERS_END();

 	if (!PG(enable_dl)) {
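Review bot: The switch to `Z_PARAM_PATH` on the parameter-parsing line has no comment saying why a path-type parameter is required, so a later cleanup could revert it to `Z_PARAM_STRING` without anyone noticing the security effect. I would add above it `/* Z_PARAM_PATH: reject embedded NUL bytes; the name is presumably consumed as a C string further down and would be cut at the first NUL */`. The truncation matters because a caller that validates the full PHP string (for example against an allow-list of extension names) would approve one name while a different, shorter one is what gets loaded. The rest of PHP_FUNCTION(dl) lies outside this hunk, so the later use of `filename` should be confirmed there before wording the comment as fact.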
diff --git a/ext/standard/tests/general_functions/dl_null_bytes.phpt b/ext/standard/tests/general_functions/dl_null_bytes.phpt
new file mode 100644
index 00000000000..7f251393ba3
--- /dev/null
+++ b/ext/standard/tests/general_functions/dl_null_bytes.phpt
@@ -0,0 +1,14 @@
+--TEST--
+dl() rejects null bytes in extension filename
+--FILE--
+<?php
+
+try {
+    dl("foo\0bar");
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+dl(): Argument #1 ($extension_filename) must not contain any null bytes
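Review bot: The test covers only a NUL in the middle of the name (`dl("foo\0bar")`), which leaves the leading and trailing positions unpinned. A trailing NUL is the case where the old truncation was least visible, since `"foo\0"` would have resolved to exactly `foo`. Wrapping the existing try/catch in `foreach (["foo\0bar", "foo\0", "\0foo"] as $name) {` and calling `dl($name)`, with the expected message repeated three times under --EXPECT--, would cover all three. Because the exact-output match also fails on any stray warning, this additionally confirms that no load attempt is made for any of these inputs.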