Fixed #71188 (str_replace converts integers in original $search array to strings)

diff --git a/NEWS b/NEWS
index 9b6f8b9076af248ffbc3066218a12205a3500e78..130cc4dce22ea4dedc961f3975176c27d943f687 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -62,6 +62,10 @@ PHP                                                                        NEWS
   . Fixed bug #71153 (Performance Degradation in ArrayIterator with large
     arrays). (Nikita)
 
+- Standard:
+  . Fixed #71188 (str_replace converts integers in original $search array to
+    strings). (Laruence)
+
 17 Dec 2015, PHP 7.0.1
 
 - Core:

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 3d5b76caa2d314dca21e1c90f2005f199aa44464..5fa1254d9a3b60037bb736105169d28b21fb3235 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3972,12 +3972,12 @@ static zend_long php_str_replace_in_subject(zval *search, zval *replace, zval *s
                /* For each entry in the search array, get the entry */
                ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(search), search_entry) {
                        /* Make sure we're dealing with strings. */
-                       ZVAL_DEREF(search_entry);
-                       convert_to_string(search_entry);
-                       if (Z_STRLEN_P(search_entry) == 0) {
+                       zend_string *search_str = zval_get_string(search_entry);
+                       if (ZSTR_LEN(search_str) == 0) {
                                if (Z_TYPE_P(replace) == IS_ARRAY) {
                                        replace_idx++;
                                }
+                               zend_string_release(search_str);
                                continue;
                        }
 
@@ -4007,11 +4007,11 @@ static zend_long php_str_replace_in_subject(zval *search, zval *replace, zval *s
                                }
                        }
 
-                       if (Z_STRLEN_P(search_entry) == 1) {
+                       if (ZSTR_LEN(search_str) == 1) {
                                zend_long old_replace_count = replace_count;
 
                                tmp_result = php_char_to_str_ex(Z_STR_P(result),
-                                                               Z_STRVAL_P(search_entry)[0],
+                                                               ZSTR_VAL(search_str)[0],
                                                                replace_value,
                                                                replace_len,
                                                                case_sensitivity,
@@ -4020,10 +4020,10 @@ static zend_long php_str_replace_in_subject(zval *search, zval *replace, zval *s
                                        zend_string_release(lc_subject_str);
                                        lc_subject_str = NULL;
                                }
-                       } else if (Z_STRLEN_P(search_entry) > 1) {
+                       } else if (ZSTR_LEN(search_str) > 1) {
                                if (case_sensitivity) {
                                        tmp_result = php_str_to_str_ex(Z_STR_P(result),
-                                                       Z_STRVAL_P(search_entry), Z_STRLEN_P(search_entry),
+                                                       ZSTR_VAL(search_str), ZSTR_LEN(search_str),
                                                        replace_value, replace_len, &replace_count);
                                } else {
                                        zend_long old_replace_count = replace_count;
@@ -4032,7 +4032,7 @@ static zend_long php_str_replace_in_subject(zval *search, zval *replace, zval *s
                                                lc_subject_str = php_string_tolower(Z_STR_P(result));
                                        }
                                        tmp_result = php_str_to_str_i_ex(Z_STR_P(result), ZSTR_VAL(lc_subject_str),
-                                                       Z_STR_P(search_entry), replace_value, replace_len, &replace_count);
+                                                       search_str, replace_value, replace_len, &replace_count);
                                        if (replace_count != old_replace_count) {
                                                zend_string_release(lc_subject_str);
                                                lc_subject_str = NULL;
@@ -4040,6 +4040,8 @@ static zend_long php_str_replace_in_subject(zval *search, zval *replace, zval *s
                                }                               
                        }
 
+                       zend_string_release(search_str);
+
                        if (replace_entry_str) {
                                zend_string_release(replace_entry_str);
                                replace_entry_str = NULL;
@@ -4059,6 +4061,7 @@ static zend_long php_str_replace_in_subject(zval *search, zval *replace, zval *s
                        zend_string_release(lc_subject_str);
                }
        } else {
+               ZEND_ASSERT(Z_TYPE_P(search) == IS_STRING);
                if (Z_STRLEN_P(search) == 1) {
                        ZVAL_STR(result,
                                php_char_to_str_ex(subject_str,

diff --git a/ext/standard/tests/strings/bug71188.phpt b/ext/standard/tests/strings/bug71188.phpt
new file mode 100644 (file)
index 0000000..1073825
--- /dev/null
+++ b/ext/standard/tests/strings/bug71188.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Bug #71188 (str_replace converts integers in original $search array to strings)
+--FILE--
+<?php
+$a = [0, 1, 2];
+$b = ["Nula", "Jedna", "Dva"];
+
+var_dump($a);
+str_replace($a, $b, "1");
+var_dump($a);
+?>
+--EXPECT--
+array(3) {
+  [0]=>
+  int(0)
+  [1]=>
+  int(1)
+  [2]=>
+  int(2)
+}
+array(3) {
+  [0]=>
+  int(0)
+  [1]=>
+  int(1)
+  [2]=>
+  int(2)
+}