Fix regression with header removing removing whole prefixes

The header removal code looked for the colon for key-value at the wrong
place, so it would overzealously remove headers. Tweak that condition,
and make the alternative condition only active if it's set (with the
remove prefix op case).

Fixes GH-21018.

Author: NattyNarwhal

ext/standard/tests/general_functions/gh21018.phpt

@@ -0,0 +1,21 @@
+--TEST--
+GH-21018 (header() removes headers with the same prefix)
+--INI--
+expose_php=On
+--CGI--
+--FILE--
+<?php
+header('a: 1');
+header('a-test: 1');
+header('a: 1');
+var_dump(headers_list());
+?>
+--EXPECTF--
+array(3) {
+  [0]=>
+  string(%d) "X-Powered-By: PHP/%s"
+  [1]=>
+  string(9) "a-test: 1"
+  [2]=>
+  string(4) "a: 1"
+}

main/SAPI.c

@@ -610,8 +610,12 @@ static void sapi_remove_header(zend_llist *l, char *name, size_t len, size_t hea
 	while (current) {
 		header = (sapi_header_struct *)(current->data);
 		next = current->next;
+		/*
+		 * header_len is set for DELETE_PREFIX (used in cookies)
+		 * look for the : otherwise
+		 */
 		if (header->header_len > header_len
-				&& (header->header[header_len] == ':' || len > header_len)
+				&& (header->header[len] == ':' || (header_len && len > header_len))
 				&& !strncasecmp(header->header, name, len)) {
 			if (current->prev) {
 				current->prev->next = next;