Merge branch 'PHP-7.4'

* PHP-7.4:
  Update UPGRADING
  Update UPGRADING
  Update NEWS & UPGRADING
  Do not decode cookie names anymore
  Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)

3 files changed, 32 insertions, 4 deletions

diff --git a/tests/basic/022.phpt b/tests/basic/022.phpt
index 0ab70d4be7..bd1db13701 100644
--- a/tests/basic/022.phpt
+++ b/tests/basic/022.phpt
@@ -10,7 +10,7 @@ cookie1=val1  ; cookie2=val2%20; cookie3=val 3.; cookie 4= value 4 %3B; cookie1=
 var_dump($_COOKIE);
 ?>
 --EXPECT--
-array(10) {
+array(12) {
   ["cookie1"]=>
   string(6) "val1  "
   ["cookie2"]=>
@@ -19,11 +19,15 @@ array(10) {
   string(6) "val 3."
   ["cookie_4"]=>
   string(10) " value 4 ;"
+  ["%20cookie1"]=>
+  string(6) "ignore"
+  ["+cookie1"]=>
+  string(6) "ignore"
   ["cookie__5"]=>
   string(7) "  value"
-  ["cookie_6"]=>
+  ["cookie%206"]=>
   string(3) "þæö"
-  ["cookie_7"]=>
+  ["cookie+7"]=>
   string(0) ""
   ["$cookie_8"]=>
   string(0) ""
diff --git a/tests/basic/023.phpt b/tests/basic/023.phpt
index ca5f1dcfbb..0e2e0ac669 100644
--- a/tests/basic/023.phpt
+++ b/tests/basic/023.phpt
@@ -10,9 +10,11 @@ c o o k i e=value; c o o k i e= v a l u e ;;c%20o+o k+i%20e=v;name="value","valu
 var_dump($_COOKIE);
 ?>
 --EXPECT--
-array(3) {
+array(4) {
   ["c_o_o_k_i_e"]=>
   string(5) "value"
+  ["c%20o+o_k+i%20e"]=>
+  string(1) "v"
   ["name"]=>
   string(24) ""value","value",UEhQIQ=="
   ["UEhQIQ"]=>
diff --git a/tests/basic/bug79699.phpt b/tests/basic/bug79699.phpt
new file mode 100644
index 0000000000..fc3d3fedb0
--- /dev/null
+++ b/tests/basic/bug79699.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Cookies Security Bug
+--INI--
+max_input_vars=1000
+filter.default=unsafe_raw
+--COOKIE--
+__%48ost-evil=evil; __Host-evil=good; %66oo=baz;foo=bar
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(4) {
+  ["__%48ost-evil"]=>
+  string(4) "evil"
+  ["__Host-evil"]=>
+  string(4) "good"
+  ["%66oo"]=>
+  string(3) "baz"
+  ["foo"]=>
+  string(3) "bar"
+}