Commit f95433a

Fix GH-20727: User code can run after module request shutdown via the output layer
If user code runs after modules executed RSHUTDOWN, it can be dangerous because user code can rely on module globals that have already been invalidated. We should not run user code after RSHUTDOWN.

This is shown by the test by using putenv(). The original report demonstrated a silent failure via mbstring. There are more test cases possible but this is by far the simplest.

An alternative solution would be to try to separate the user code running via php_header() from the output layer shutdown, to make sure user code runs earlier. However, that becomes an ugly complex solution.

This PR's solution keeps things simple but this can be a BC break if extensions produce output in their RSHUTDOWN handler (However, that may have been unsafe in the first place).

1 parent db65503 commit f95433a

1 file changed

Lines changed: 11 additions & 0 deletions

@@ -0,0 +1,11 @@
1+
--TEST--
2+
GH-20727 (User code can run after module request shutdown via the output layer)
3+
--FILE--
4+
<?php
5+
putenv('foo=baz');
6+
header_register_callback(function(){
7+
var_dump(putenv('foo=bar'));
8+
});
9+
?>
10+
--EXPECT--
11+
bool(true)
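
Review bot: The --EXPECT-- section asserts only the return value of putenv('foo=bar') inside the header callback, so the test passes whenever the call reports success and does not check the state the callback actually observed. Dumping getenv('foo') in the callback, before and after the putenv() call, would confirm that the value set by putenv('foo=baz') is still visible at that point and that the new value takes effect. The commit message says the original report was a silent failure via mbstring, but this test exercises only putenv(); a companion test for the mbstring case would guard the reported path as well. A --DESCRIPTION-- section or a comment in --FILE-- stating that the callback must run before module RSHUTDOWN would also make the intent clear to whoever reads the test later.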
