derickr/81727.patch.txt Secret

## 81727.patch.txt
diff --git ext/standard/tests/bug81727.phpt ext/standard/tests/bug81727.phpt
new file mode 100644
index 0000000000..494225e2a9
--- /dev/null
+++ ext/standard/tests/bug81727.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #81727: $_COOKIE name starting with ..Host/..Secure should be discarded
+--COOKIE--
+..Host-test=ignore; __Host-test=correct; . Security-test=ignore; . Elephpant=Awesome;
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(2) {
+  ["__Host-test"]=>
+  string(7) "correct"
+  ["__Elephpant"]=>
+  string(7) "Awesome"
+}
diff --git main/php_variables.c main/php_variables.c
index cbdc7cf171..f9b03b0c42 100644
--- main/php_variables.c
+++ main/php_variables.c
@@ -115,6 +115,20 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
 	}
 	var_len = p - var;

+	/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
+	if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
+		zval_ptr_dtor_nogc(val);
+		free_alloca(var_orig, use_heap);
+		return;
+	}
+
+	/* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
+	if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
+		zval_ptr_dtor_nogc(val);
+		free_alloca(var_orig, use_heap);
+		return;
+	}
+
 	if (var_len==0) { /* empty variable name, or variable name with a space in it */
 		zval_ptr_dtor_nogc(val);
 		free_alloca(var_orig, use_heap);
	diff --git ext/standard/tests/bug81727.phpt ext/standard/tests/bug81727.phpt
	new file mode 100644
	index 0000000000..494225e2a9
	--- /dev/null
	+++ ext/standard/tests/bug81727.phpt
	@@ -0,0 +1,15 @@
	+--TEST--
	+Bug #81727: $_COOKIE name starting with ..Host/..Secure should be discarded
	+--COOKIE--
	+..Host-test=ignore; __Host-test=correct; . Security-test=ignore; . Elephpant=Awesome;
	+--FILE--
	+<?php
	+var_dump($_COOKIE);
	+?>
	+--EXPECT--
	+array(2) {
	+ ["__Host-test"]=>
	+ string(7) "correct"
	+ ["__Elephpant"]=>
	+ string(7) "Awesome"
	+}
	diff --git main/php_variables.c main/php_variables.c
	index cbdc7cf171..f9b03b0c42 100644
	--- main/php_variables.c
	+++ main/php_variables.c
	@@ -115,6 +115,20 @@ PHPAPI void php_register_variable_ex(char var_name, zval val, zval *track_vars
	}
	var_len = p - var;

	+ /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
	+ if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
	+ zval_ptr_dtor_nogc(val);
	+ free_alloca(var_orig, use_heap);
	+ return;
	+ }
	+
	+ /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
	+ if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
	+ zval_ptr_dtor_nogc(val);
	+ free_alloca(var_orig, use_heap);
	+ return;
	+ }
	+
	if (var_len==0) { /* empty variable name, or variable name with a space in it */
	zval_ptr_dtor_nogc(val);
	free_alloca(var_orig, use_heap);