MFH BugFix# 25671 subarray corruption in str_replace

diff --git a/NEWS b/NEWS
index 97092d13c148f0a797edf9bd61cd709c36f61916..c6e4ada65c4832f79bbedc8b4c537e819e5c9f76 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ PHP 4                                                                      NEWS
 - Fixed crash bug when non-existing save/serializer handler was used. (Jani)
 - Fixed memory leak in gethostbynamel() if an error occurs. (Sara)
 - Fixed FastCGI being unable to bind to a specific IP. (Sascha)
+- Fixed bug #25671 (str_replace corrupting subarrays). (Sara)
 - Fixed bug #25648 (xslt_set_encoding() being not detected correctly). (Jani)
 - Fixed bug #25636 (SNMP Session not closed on success). (Ilia, 
   nesslage[at]mwsc[dot]edu)

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 0e099dcecf234a3fee40829fee36bc3701a301ed..884f3616426a2d00f22eae9ed40b24540ccd27be 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -2746,7 +2746,10 @@ PHP_FUNCTION(str_replace)
                                SEPARATE_ZVAL(subject_entry);
                                php_str_replace_in_subject(*search, *replace, subject_entry, result);
                        } else {
-                               result = *subject_entry;
+                               MAKE_STD_ZVAL(result);
+                               SEPARATE_ZVAL(subject_entry);
+                               *result = **subject_entry;
+                               zval_copy_ctor(result);
                        }
                        /* Add to return array */
                        switch (zend_hash_get_current_key_ex(Z_ARRVAL_PP(subject), &string_key,