From 9509733befcb4010bc77b06fcf41e77078976e80 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 1 Oct 2025 13:44:06 +0200
Subject: Fix a cookie-related warning for PHP8.5.0

```
========DIFF========
001- OK
001+ Fatal error: Uncaught ValueError: setcookie(): "partitioned" option cannot be used without "secure" option in /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php:2
002+ Stack trace:
003+ #0 /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php(2): setcookie('super_cookie', 'super_value')
004+ #1 {main}
005+   thrown in /builddir/build/BUILD/snuffleupagus-1c7598c432551d0c49c2c57f249ccd5ccabce638/src/tests/samesite_cookies.php on line 2
========DONE========
FAIL Cookie samesite [tests/samesite_cookies.phpt]
```

Even though the warning might be spurious, let's fix this properly, by
initialising `partitioned` to false, and by setting it only if `secure` is set
as well.
---
 src/sp_cookie_encryption.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index ec5c7c2..888d217 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -104,7 +104,7 @@ static void php_head_parse_cookie_options_array(
 
 PHP_FUNCTION(sp_setcookie) {
 #if PHP_VERSION_ID >= 80500
-  zend_bool partitioned;
+  zend_bool partitioned = false;
 #endif
   zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL,
               *value_enc = NULL,
@@ -144,12 +144,11 @@ PHP_FUNCTION(sp_setcookie) {
         RETURN_FALSE;
       }
       php_head_parse_cookie_options_array(expires_or_options, &expires, &path,
-                                          &domain, &secure, &httponly,
-#if PHP_VERSION_ID < 80500
-                                          &samesite);
-#else
-                                          &samesite, &partitioned);
+                                          &domain, &secure, &httponly, &samesite
+#if PHP_VERSION_ID >= 80500
+                                          , &partitioned
 #endif
+      );
     } else {
       expires = zval_get_long(expires_or_options);
     }
@@ -214,6 +213,10 @@ PHP_FUNCTION(sp_setcookie) {
   if (php_setcookie(name, (value_enc ? value_enc : value), expires, path,
                     domain, secure, httponly, samesite, 1) == SUCCESS) {
 #else
+  if (!secure) {
+    // Can't have partitioned cookies without the secure flag.
+    partitioned = false;
+  }
   if (php_setcookie(name, (value_enc ? value_enc : value), expires, path,
                     domain, secure, httponly, samesite, partitioned, false) == SUCCESS) {
 #endif
-- 
cgit v1.3