From b3e83e2b9049da94c66b64b21005484dbb4b55a4 Mon Sep 17 00:00:00 2001
From: Nikolaos Dimopoulos <nikos@niden.net>
Date: Fri, 7 Mar 2025 10:40:32 -0600
Subject: [PATCH 1/4] added check for glob return in session:gc()

---
 phalcon/Session/Adapter/Stream.zep | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/phalcon/Session/Adapter/Stream.zep b/phalcon/Session/Adapter/Stream.zep
index dc1f7bb893f..4dfdae8c1f3 100644
--- a/phalcon/Session/Adapter/Stream.zep
+++ b/phalcon/Session/Adapter/Stream.zep
@@ -95,16 +95,19 @@ class Stream extends Noop
      */
     public function gc(int max_lifetime) -> int|false
     {
-        var file, pattern, time;
+        var file, glob, pattern, time;
 
         let pattern = this->path . this->prefix . "*",
-            time    = time() - max_lifetime;
-
-        for file in glob(pattern) {
-            if true === file_exists(file) &&
-               true === is_file(file)     &&
-               (filemtime(file) < time) {
-                unlink(file);
+            time    = time() - max_lifetime,
+            glob    = glob(pattern);
+
+        if (!empty(glob)) {
+            for file in glob {
+                if true === file_exists(file) &&
+                   true === is_file(file)     &&
+                   (filemtime(file) < time) {
+                    unlink(file);
+                }
             }
         }
 

From 5d7c6b4e622cc1ef3eae69aa84b52ed183ab72bb Mon Sep 17 00:00:00 2001
From: Nikolaos Dimopoulos <nikos@niden.net>
Date: Fri, 7 Mar 2025 11:13:24 -0600
Subject: [PATCH 2/4] adding condition to handle glob false in gc

---
 phalcon/Session/Adapter/Stream.zep | 35 ++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/phalcon/Session/Adapter/Stream.zep b/phalcon/Session/Adapter/Stream.zep
index 4dfdae8c1f3..83e2091083c 100644
--- a/phalcon/Session/Adapter/Stream.zep
+++ b/phalcon/Session/Adapter/Stream.zep
@@ -95,11 +95,21 @@ class Stream extends Noop
      */
     public function gc(int max_lifetime) -> int|false
     {
-        var file, glob, pattern, time;
+        var file, glob, last, pattern, time;
 
         let pattern = this->path . this->prefix . "*",
             time    = time() - max_lifetime,
-            glob    = glob(pattern);
+            glob    = this->getGlobFiles(pattern);
+
+        if (false === glob) {
+            let last = error_get_last();
+            if (isset(last["message"])) {
+                let last = last["message"];
+            } else {
+                let last = "Unexpected gc error";
+            }
+            throw new Exception(last);
+        }
 
         if (!empty(glob)) {
             for file in glob {
@@ -187,6 +197,26 @@ class Stream extends Noop
         return rtrim(directory, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
     }
 
+
+    /**
+     * Gets the glob array or returns false on failure
+     *
+     * @param string $pattern
+     *
+     * @return array|false
+     */
+    protected function getGlobFiles(string pattern) -> array | false
+    {
+        var errorLevel, glob;
+
+        let errorLevel = error_reporting(0);
+        error_clear_last();
+        let glob = glob(pattern);
+        error_reporting(errorLevel);
+
+        return glob;
+    }
+
     /**
      * @param string $filename
      *
@@ -271,4 +301,5 @@ class Stream extends Noop
     {
         return is_writable(filename);
     }
+
 }

From 6be3e6a8a26c02d1fcf4b41e1ded498d1b476a8b Mon Sep 17 00:00:00 2001
From: Nikolaos Dimopoulos <nikos@niden.net>
Date: Fri, 7 Mar 2025 11:16:21 -0600
Subject: [PATCH 3/4] added test

---
 .../Session/Adapter/StreamGlobFixture.php     | 31 +++++++++++++++++++
 .../Session/Adapter/Stream/GcCest.php         | 23 ++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 tests/_data/fixtures/Session/Adapter/StreamGlobFixture.php

diff --git a/tests/_data/fixtures/Session/Adapter/StreamGlobFixture.php b/tests/_data/fixtures/Session/Adapter/StreamGlobFixture.php
new file mode 100644
index 00000000000..ba507c6b8d4
--- /dev/null
+++ b/tests/_data/fixtures/Session/Adapter/StreamGlobFixture.php
@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * This file is part of the Phalcon Framework.
+ *
+ * (c) Phalcon Team <team@phalcon.io>
+ *
+ * For the full copyright and license information, please view the LICENSE.txt
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Phalcon\Tests\Fixtures\Session\Adapter;
+
+use Phalcon\Session\Adapter\Stream;
+
+class StreamGlobFixture extends Stream
+{
+    /**
+     * Gets the glob array or returns false on failure
+     *
+     * @param string $pattern
+     *
+     * @return array|false
+     */
+    protected function getGlobFiles(string $pattern): array | false
+    {
+        return false;
+    }
+}
diff --git a/tests/integration/Session/Adapter/Stream/GcCest.php b/tests/integration/Session/Adapter/Stream/GcCest.php
index 0d98e02ddf5..45ed321dd63 100644
--- a/tests/integration/Session/Adapter/Stream/GcCest.php
+++ b/tests/integration/Session/Adapter/Stream/GcCest.php
@@ -14,10 +14,13 @@
 namespace Phalcon\Tests\Integration\Session\Adapter\Stream;
 
 use IntegrationTester;
+use Phalcon\Session\Exception;
+use Phalcon\Tests\Fixtures\Session\Adapter\StreamGlobFixture;
 use Phalcon\Tests\Fixtures\Traits\DiTrait;
 
 use function cacheDir;
 use function file_put_contents;
+use function getOptionsSessionStream;
 use function sleep;
 use function uniqid;
 
@@ -59,4 +62,24 @@ public function sessionAdapterStreamGc(IntegrationTester $I)
         $I->dontSeeFileFound('gc_1', cacheDir('sessions'));
         $I->dontSeeFileFound('gc_2', cacheDir('sessions'));
     }
+    /**
+     * Tests Phalcon\Session\Adapter\Stream :: gc() -
+     * glob() false returns exception
+     *
+     * @return void
+     *
+     * @author Phalcon Team <team@phalcon.io>
+     * @since  2020-09-09
+     */
+    public function testSessionAdapterStreamGcGlobThrowsException(IntegrationTester $I): void
+    {
+        $I->expectThrowable(
+            new Exception('Unexpected gc error'),
+            function () {
+                $adapter = new StreamGlobFixture(getOptionsSessionStream());
+
+                $actual = $adapter->gc(1);
+            }
+        );
+    }
 }

From b02861c8fde229e7c1bb10ca71982f93e36cc5b8 Mon Sep 17 00:00:00 2001
From: Nikolaos Dimopoulos <nikos@niden.net>
Date: Fri, 7 Mar 2025 11:17:37 -0600
Subject: [PATCH 4/4] updating changelog

---
 CHANGELOG-5.0.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG-5.0.md b/CHANGELOG-5.0.md
index 863d874129f..e6f31150c92 100644
--- a/CHANGELOG-5.0.md
+++ b/CHANGELOG-5.0.md
@@ -24,6 +24,7 @@
 - Fixed `Phalcon\Di\Injectable` to reference the correct instance of `Phalcon\Di\Di` in the docblock property [#16634](https://github.com/phalcon/cphalcon/issues/16634)
 - Fixed `Phalcon\Filter\Filter` to have the correct docblock for IDE completion
 - Fixed `Phalcon\Mvc\Model\Query` to use the lifetime in the "cache" service if none has been supplied by the options [#16696](https://github.com/phalcon/cphalcon/issues/16696)
+- Fixed `Phalcon\Session\Adapter\Stream::gc()` to throw an exception if something is wrong with `glob()` [#16713](https://github.com/phalcon/cphalcon/issues/16713)
 
 ### Removed