Merge branch '12.5' into 13.1

* 12.5:
  Reject invalid class and method names

Author: sebastianbergmann

ChangeLog-13.1.md

@@ -7,6 +7,8 @@ All notable changes of the PHPUnit 13.1 release series are documented in this fi
 ### Fixed
 
 * [#6595](https://github.com/sebastianbergmann/phpunit/issues/6595): Crash when before-class or after-class method fails with assertion failure
+* `MockBuilder::setMockClassName()` and `TestStubBuilder::setStubClassName()` now reject values that are not valid unqualified PHP class identifiers, throwing the new `InvalidClassNameException`
+* The regular expression used by `Generator::ensureValidMethods()` to validate method names passed to `MockBuilder::onlyMethods()` and `addMethods()` was not anchored, so any string containing a valid identifier substring (including strings with parentheses, braces, comments, or newlines) was accepted
 
 ## [13.1.7] - 2026-04-18
 

src/Framework/MockObject/Generator/Exception/InvalidClassNameException.php

@@ -0,0 +1,30 @@
+<?php declare(strict_types=1);
+/*
+ * This file is part of PHPUnit.
+ *
+ * (c) Sebastian Bergmann <sebastian@phpunit.de>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+namespace PHPUnit\Framework\MockObject\Generator;
+
+use function sprintf;
+
+/**
+ * @no-named-arguments Parameter names are not covered by the backward compatibility promise for PHPUnit
+ *
+ * @internal This class is not covered by the backward compatibility promise for PHPUnit
+ */
+final class InvalidClassNameException extends \PHPUnit\Framework\Exception implements Exception
+{
+    public function __construct(string $className)
+    {
+        parent::__construct(
+            sprintf(
+                'Cannot use "%s" as the name of a test double class because it is not a valid PHP class name',
+                $className,
+            ),
+        );
+    }
+}

src/Framework/MockObject/Generator/Generator.php

@@ -83,6 +83,7 @@ final class Generator
      * @throws ClassIsEnumerationException
      * @throws ClassIsFinalException
      * @throws DuplicateMethodException
+     * @throws InvalidClassNameException
      * @throws InvalidMethodNameException
      * @throws NameAlreadyInUseException
      * @throws ReflectionException
@@ -97,6 +98,7 @@ public function testDouble(string $type, bool $mockObject, ?array $methods = [],
 
         $this->ensureKnownType($type);
         $this->ensureValidMethods($methods);
+        $this->ensureValidNameForTestDoubleClass($mockClassName);
         $this->ensureNameForTestDoubleClassIsAvailable($mockClassName);
 
         $mock = $this->generate(
@@ -688,7 +690,7 @@ private function ensureValidMethods(?array $methods): void
         }
 
         foreach ($methods as $method) {
-            if (!preg_match('~[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*~', (string) $method)) {
+            if (!preg_match('~\A[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*\z~', (string) $method)) {
                 throw new InvalidMethodNameException((string) $method);
             }
         }
@@ -698,6 +700,20 @@ private function ensureValidMethods(?array $methods): void
         }
     }
 
+    /**
+     * @throws InvalidClassNameException
+     */
+    private function ensureValidNameForTestDoubleClass(string $className): void
+    {
+        if ($className === '') {
+            return;
+        }
+
+        if (!preg_match('~\A[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*\z~', $className)) {
+            throw new InvalidClassNameException($className);
+        }
+    }
+
     /**
      * @throws NameAlreadyInUseException
      * @throws ReflectionException

src/Framework/MockObject/MockBuilder.php

@@ -14,6 +14,7 @@
 use PHPUnit\Framework\MockObject\Generator\ClassIsEnumerationException;
 use PHPUnit\Framework\MockObject\Generator\ClassIsFinalException;
 use PHPUnit\Framework\MockObject\Generator\DuplicateMethodException;
+use PHPUnit\Framework\MockObject\Generator\InvalidClassNameException;
 use PHPUnit\Framework\MockObject\Generator\InvalidMethodNameException;
 use PHPUnit\Framework\MockObject\Generator\NameAlreadyInUseException;
 use PHPUnit\Framework\MockObject\Generator\ReflectionException;
@@ -52,6 +53,7 @@ public function __construct(TestCase $testCase, string $type)
      * @throws ClassIsFinalException
      * @throws DuplicateMethodException
      * @throws InvalidArgumentException
+     * @throws InvalidClassNameException
      * @throws InvalidMethodNameException
      * @throws NameAlreadyInUseException
      * @throws ReflectionException

src/Framework/MockObject/TestStubBuilder.php

@@ -13,6 +13,7 @@
 use PHPUnit\Framework\MockObject\Generator\ClassIsEnumerationException;
 use PHPUnit\Framework\MockObject\Generator\ClassIsFinalException;
 use PHPUnit\Framework\MockObject\Generator\DuplicateMethodException;
+use PHPUnit\Framework\MockObject\Generator\InvalidClassNameException;
 use PHPUnit\Framework\MockObject\Generator\InvalidMethodNameException;
 use PHPUnit\Framework\MockObject\Generator\NameAlreadyInUseException;
 use PHPUnit\Framework\MockObject\Generator\ReflectionException;
@@ -37,6 +38,7 @@ final class TestStubBuilder extends TestDoubleBuilder
      * @throws ClassIsEnumerationException
      * @throws ClassIsFinalException
      * @throws DuplicateMethodException
+     * @throws InvalidClassNameException
      * @throws InvalidMethodNameException
      * @throws NameAlreadyInUseException
      * @throws ReflectionException

tests/unit/Framework/MockObject/Creation/MockBuilderTest.php

@@ -17,6 +17,7 @@
 use PHPUnit\Framework\Attributes\Medium;
 use PHPUnit\Framework\Attributes\TestDox;
 use PHPUnit\Framework\MockObject\Generator\DuplicateMethodException;
+use PHPUnit\Framework\MockObject\Generator\InvalidClassNameException;
 use PHPUnit\Framework\MockObject\Generator\InvalidMethodNameException;
 use PHPUnit\Framework\MockObject\Generator\NameAlreadyInUseException;
 use PHPUnit\Framework\TestCase;
@@ -28,6 +29,7 @@
 #[CoversClass(MockBuilder::class)]
 #[CoversMethod(TestCase::class, 'getMockBuilder')]
 #[CoversClass(DuplicateMethodException::class)]
+#[CoversClass(InvalidClassNameException::class)]
 #[CoversClass(InvalidMethodNameException::class)]
 #[CoversClass(NameAlreadyInUseException::class)]
 #[Group('test-doubles')]
@@ -54,7 +56,17 @@ public function testCannotCreateMockObjectWithSpecifiedClassNameWhenClassWithTha
         $this->expectException(NameAlreadyInUseException::class);
 
         $this->getMockBuilder(InterfaceWithReturnTypeDeclaration::class)
-            ->setMockClassName(__CLASS__)
+            ->setMockClassName('stdClass')
+            ->getMock();
+    }
+
+    #[TestDox('setMockClassName() rejects values that are not valid PHP class names')]
+    public function testCannotCreateMockObjectWithInvalidClassName(): void
+    {
+        $this->expectException(InvalidClassNameException::class);
+
+        $this->getMockBuilder(InterfaceWithReturnTypeDeclaration::class)
+            ->setMockClassName("Foo {} ?>\n<?php class Bar")
             ->getMock();
     }
 

tests/unit/Framework/MockObject/Creation/TestStubBuilderTest.php

@@ -49,7 +49,7 @@ public function testCannotCreateTestStubWithSpecifiedClassNameWhenClassWithThatN
         $this->expectException(NameAlreadyInUseException::class);
 
         $this->getStubBuilder(InterfaceWithReturnTypeDeclaration::class)
-            ->setStubClassName(__CLASS__)
+            ->setStubClassName('stdClass')
             ->getStub();
     }