php
diff --git a/‎ext/standard/array.c‎
Lines changed: 16 additions & 7 deletions b/‎ext/standard/array.c‎
Lines changed: 16 additions & 7 deletions
diff --git a/‎ext/standard/basic_functions_arginfo.h‎
Lines changed: 9 additions & 9 deletions b/‎ext/standard/basic_functions_arginfo.h‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎ext/standard/basic_functions_decl.h‎
Lines changed: 4 additions & 4 deletions b/‎ext/standard/basic_functions_decl.h‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎ext/standard/tests/array/array_path_exists.phpt‎
Lines changed: 9 additions & 0 deletions b/‎ext/standard/tests/array/array_path_exists.phpt‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎ext/standard/tests/array/array_path_get.phpt‎
Lines changed: 9 additions & 0 deletions b/‎ext/standard/tests/array/array_path_get.phpt‎
Lines changed: 9 additions & 0 deletions
@@ -6922,22 +6922,31 @@ static zval* array_get_nested(HashTable *ht, HashTable *path)
 	uint32_t num_segments = zend_hash_num_elements(path);
 	uint32_t segment_index = 0;
 
-	/* Iterate through each segment in the path array */
+	/* First pass: validate all path segments are valid types */
+	ZEND_HASH_FOREACH_VAL(path, segment_val) {
+		/* Dereference segment if it's a reference */
+		ZVAL_DEREF(segment_val);
+
+		/* Segment must be a string or int */
+		if (Z_TYPE_P(segment_val) != IS_STRING && Z_TYPE_P(segment_val) != IS_LONG) {
+			/* Invalid segment type - throw TypeError */
+			zend_type_error("Path segment must be of type string|int, %s given", zend_zval_value_name(segment_val));
+			return NULL;
+		}
+	} ZEND_HASH_FOREACH_END();
+
+	/* Second pass: traverse the array using the validated path */
 	ZEND_HASH_FOREACH_VAL(path, segment_val) {
 		segment_index++;
 
 		/* Dereference segment if it's a reference */
 		ZVAL_DEREF(segment_val);
 
-		/* Segment must be a string or int */
+		/* Look up the segment (already validated to be string or int) */
 		if (Z_TYPE_P(segment_val) == IS_STRING) {
 			current = zend_symtable_find(current_ht, Z_STR_P(segment_val));
-		} else if (Z_TYPE_P(segment_val) == IS_LONG) {
-			current = zend_hash_index_find(current_ht, Z_LVAL_P(segment_val));
 		} else {
-			/* Invalid segment type - throw TypeError */
-			zend_type_error("Path segment must be of type string|int, %s given", zend_zval_value_name(segment_val));
-			return NULL;
+			current = zend_hash_index_find(current_ht, Z_LVAL_P(segment_val));
 		}
 
 		/* If segment not found, return NULL */
 
@@ -38,6 +38,14 @@ try {
 	echo $e->getMessage() . "\n";
 }
 
+// Test with invalid segment type even when path doesn't exist
+$empty_array = [];
+try {
+	var_dump(array_path_exists($empty_array, ['foo', 'bar', new stdClass()]));
+} catch (TypeError $e) {
+	echo $e->getMessage() . "\n";
+}
+
 // Test with reference to an array in the path
 $array2 = ['world'];
 $array_with_ref = ['hello' => &$array2];
@@ -63,6 +71,7 @@ bool(true)
 bool(false)
 bool(true)
 Path segment must be of type string|int, stdClass given
+Path segment must be of type string|int, stdClass given
 bool(true)
 bool(true)
 Done
@@ -36,6 +36,14 @@ try {
 	echo $e->getMessage() . "\n";
 }
 
+// Test with invalid segment type even when path doesn't exist
+$empty_array = [];
+try {
+	var_dump(array_path_get($empty_array, ['foo', 'bar', new stdClass()], 'default'));
+} catch (TypeError $e) {
+	echo $e->getMessage() . "\n";
+}
+
 // Test with references - ensure returned value is a copy, not a reference
 $ref_array = ['data' => ['value' => 'original']];
 $ref =& $ref_array['data']['value'];
@@ -76,6 +84,7 @@ string(5) "Alice"
 string(3) "Bob"
 int(75)
 Path segment must be of type string|int, stdClass given
+Path segment must be of type string|int, stdClass given
 string(8) "original"
 string(8) "original"
 string(7) "default"