Restrict allowed usages of $GLOBALS

This restricts allowed usage of $GLOBALS, with the effect that
plain PHP arrays can no longer contain INDIRECT elements.

RFC: https://wiki.php.net/rfc/restrict_globals_usage

Closes GH-6487.

Author: nikic

UPGRADING

@@ -19,6 +19,15 @@ PHP 8.1 UPGRADE NOTES
 1. Backward Incompatible Changes
 ========================================
 
+- Core:
+  . Access to the $GLOBALS array is now subject to a number of restrictions.
+    Read and write access to individual array elements like $GLOBALS['var']
+    continues to work as-is. Read-only access to the entire $GLOBALS array also
+    continues to be supported. However, write access to the entire $GLOBALS
+    array is no longer supported. For example, array_pop($GLOBALS) will result
+    in an error.
+    RFC: https://wiki.php.net/rfc/restrict_globals_usage
+
 - Fileinfo:
   . The fileinfo functions now accept and return, respectively, finfo objects
     instead of resources.

Zend/tests/array_self_add_globals.phpt

@@ -2,7 +2,6 @@
 Add $GLOBALS to itself
 --FILE--
 <?php
-$GLOBALS += $GLOBALS;
 $x = $GLOBALS + $GLOBALS;
 ?>
 ===DONE===

Zend/tests/bug71539_6.phpt

@@ -29,6 +29,6 @@ string(%d) "%s"
 Warning: Undefined array key "PHP_SELF" in %s on line %d
 NULL
 
-Warning: Undefined variable $_SERVER in %s on line %d
+Warning: Undefined global variable $_SERVER in %s on line %d
 NULL
 Done

Zend/tests/bug71695.phpt

@@ -32,6 +32,6 @@ string(%d) "%s"
 Warning: Undefined array key "PHP_SELF" in %s on line %d
 NULL
 
-Warning: Undefined variable $_SERVER in %s on line %d
+Warning: Undefined global variable $_SERVER in %s on line %d
 NULL
 Done

Zend/tests/gc_010.phpt

@@ -38,6 +38,6 @@ string(%d) "%s"
 Warning: Undefined array key "PHP_SELF" in %s on line %d
 NULL
 
-Warning: Undefined variable $_SERVER in %s on line %d
+Warning: Undefined global variable $_SERVER in %s on line %d
 NULL
 Done

Zend/tests/globals_001.phpt

@@ -23,6 +23,6 @@ string(%d) "%s"
 Warning: Undefined array key "PHP_SELF" in %s on line %d
 NULL
 
-Warning: Undefined variable $_SERVER in %s on line %d
+Warning: Undefined global variable $_SERVER in %s on line %d
 NULL
 Done

Zend/tests/globals_002.phpt

@@ -0,0 +1,11 @@
+--TEST--
+$GLOBALS no longer contains 'GLOBALS'
+--FILE--
+<?php
+
+$g = $GLOBALS;
+var_dump(isset($g['GLOBALS']));
+
+?>
+--EXPECT--
+bool(false)

Zend/tests/globals_003.phpt

@@ -0,0 +1,10 @@
+--TEST--
+Cannot assign to $GLOBALS
+--FILE--
+<?php
+
+$GLOBALS = [];
+
+?>
+--EXPECTF--
+Fatal error: $GLOBALS can only be modified using the $GLOBALS[$name] = $value syntax in %s on line %d

Zend/tests/globals_004.phpt

@@ -0,0 +1,10 @@
+--TEST--
+Cannot list-assign to $GLOBALS
+--FILE--
+<?php
+
+list($GLOBALS) = [1];
+
+?>
+--EXPECTF--
+Fatal error: $GLOBALS can only be modified using the $GLOBALS[$name] = $value syntax in %s on line %d

Zend/tests/restrict_globals/globals_in_globals.phpt

@@ -0,0 +1,10 @@
+--TEST--
+Cannot list-assign to $GLOBALS (by-ref)
+--FILE--
+<?php
+
+list(&$GLOBALS) = [1];
+
+?>
+--EXPECTF--
+Fatal error: Cannot assign reference to non referencable value in %s on line %d

Zend/tests/restrict_globals/invalid_assign.phpt

@@ -0,0 +1,10 @@
+--TEST--
+Cannot compound assign to $GLOBALS
+--FILE--
+<?php
+
+$GLOBALS += [];
+
+?>
+--EXPECTF--
+Fatal error: $GLOBALS can only be modified using the $GLOBALS[$name] = $value syntax in %s on line %d

Zend/tests/restrict_globals/invalid_assign_list.phpt

@@ -0,0 +1,11 @@
+--TEST--
+Cannot by-ref assign to $GLOBALS (LHS)
+--FILE--
+<?php
+
+$var = [];
+$GLOBALS =& $var;
+
+?>
+--EXPECTF--
+Fatal error: $GLOBALS can only be modified using the $GLOBALS[$name] = $value syntax in %s on line %d

Zend/tests/restrict_globals/invalid_assign_list_ref.phpt

@@ -0,0 +1,11 @@
+--TEST--
+Cannot by-ref assign to $GLOBALS (RHS)
+--FILE--
+<?php
+
+$var = [];
+$var =& $GLOBALS;
+
+?>
+--EXPECTF--
+Fatal error: Cannot acquire reference to $GLOBALS in %s on line %d

Zend/tests/restrict_globals/invalid_assign_op.phpt

@@ -0,0 +1,10 @@
+--TEST--
+Cannot use $GLOBALS as foreach result variable
+--FILE--
+<?php
+
+foreach ([1] as $GLOBALS) {}
+
+?>
+--EXPECTF--
+Fatal error: $GLOBALS can only be modified using the $GLOBALS[$name] = $value syntax in %s on line %d

Zend/tests/restrict_globals/invalid_assign_ref_lhs.phpt

@@ -0,0 +1,10 @@
+--TEST--
+Cannot use $GLOBALS as foreach result variable (by-ref)
+--FILE--
+<?php
+
+foreach ([1] as &$GLOBALS) {}
+
+?>
+--EXPECTF--
+Fatal error: $GLOBALS can only be modified using the $GLOBALS[$name] = $value syntax in %s on line %d

Zend/tests/restrict_globals/invalid_assign_ref_rhs.phpt

@@ -0,0 +1,23 @@
+--TEST--
+$GLOBALS cannot be passed by reference (runtime error)
+--FILE--
+<?php
+
+function by_ref(&$ref) {}
+try {
+    by_ref($GLOBALS);
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
+try {
+    by_ref2($GLOBALS);
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+function by_ref2(&$ref) {}
+
+?>
+--EXPECT--
+by_ref(): Argument #1 ($ref) cannot be passed by reference
+by_ref2(): Argument #1 ($ref) cannot be passed by reference

Zend/tests/restrict_globals/invalid_foreach.phpt

@@ -0,0 +1,10 @@
+--TEST--
+Cannot unset $GLOBALS
+--FILE--
+<?php
+
+unset($GLOBALS);
+
+?>
+--EXPECTF--
+Fatal error: $GLOBALS can only be modified using the $GLOBALS[$name] = $value syntax in %s on line %d

Zend/tests/restrict_globals/invalid_foreach_ref.phpt

@@ -0,0 +1,11 @@
+--TEST--
+$GLOBALS should have canonicalized keys
+--FILE--
+<?php
+
+${1} = 42;
+var_dump($GLOBALS[1]);
+
+?>
+--EXPECT--
+int(42)

Zend/tests/restrict_globals/invalid_pass_by_ref.phpt

@@ -0,0 +1,52 @@
+--TEST--
+Supported operations on $GLOBALS
+--FILE--
+<?php
+
+function test() {
+    var_dump($GLOBALS['x']);
+    $GLOBALS['x'] = 1;
+    var_dump($GLOBALS['x']);
+    $GLOBALS['x']++;
+    var_dump($GLOBALS['x']);
+    $GLOBALS['x'] += 2;
+    var_dump($GLOBALS['x']);
+    unset($GLOBALS['y']);
+    var_dump(isset($GLOBALS['x']));
+    var_dump(isset($GLOBALS['y']));
+    $GLOBALS['z'][] = 1;
+}
+
+$y = 1;
+test();
+var_dump($x, $y, $z);
+
+$ref = 1;
+$GLOBALS['z'] =& $ref;
+$ref++;
+var_dump($z);
+
+$x = 1;
+$ref2 =& $GLOBALS['x'];
+$ref2++;
+var_dump($x);
+
+?>
+--EXPECTF--
+Warning: Undefined global variable $x in %s on line %d
+NULL
+int(1)
+int(2)
+int(4)
+bool(true)
+bool(false)
+
+Warning: Undefined variable $y in %s on line %d
+int(4)
+NULL
+array(1) {
+  [0]=>
+  int(1)
+}
+int(2)
+int(2)

Zend/tests/restrict_globals/invalid_unset.phpt

@@ -42,5 +42,5 @@ array(0) {
 Undefined array key "key"
 array(0) {
 }
-Undefined array key "test"
+Undefined global variable $test
 Undefined variable $test

Zend/tests/restrict_globals/key_canonicalization.phpt

@@ -2,6 +2,7 @@
 unset() CV 10 (unset() of global variable in ArrayObject::offsetUnset($GLOBALS))
 --FILE--
 <?php
+/* This is working on a copy of $GLOBALS, so nothing interesting happens here. */
 $a = new ArrayObject($GLOBALS);
 $x = "ok\n";
 echo $x;
@@ -12,5 +13,6 @@ echo "ok\n";
 --EXPECTF--
 ok
 
-Warning: Undefined variable $x in %s on line %d
+Warning: Undefined array key "x" in %s on line %d
+ok
 ok

Zend/tests/restrict_globals/valid.phpt

@@ -786,13 +786,8 @@ static void module_destructor_zval(zval *zv) /* {{{ */
 
 static zend_bool php_auto_globals_create_globals(zend_string *name) /* {{{ */
 {
-	zval globals;
-
-	/* IS_ARRAY, but with ref-counter 1 and not IS_TYPE_REFCOUNTED */
-	ZVAL_ARR(&globals, &EG(symbol_table));
-	Z_TYPE_FLAGS_P(&globals) = 0;
-	ZVAL_NEW_REF(&globals, &globals);
-	zend_hash_update(&EG(symbol_table), name, &globals);
+	/* While we keep registering $GLOBALS as an auto-global, we do not create an
+	 * actual variable for it. Access to it handled specially by the compiler. */
 	return 0;
 }
 /* }}} */