diff options
| author | Stanislav Malyshev <stas@php.net> | 2016-08-17 01:12:33 -0700 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2016-08-17 13:53:22 +0200 |
| commit | 8d7766a948999b990dbd13f96fa845a26d6f8f66 (patch) | |
| tree | 73e4c718e182ccc614105650f0c46738aa5e6017 | |
| parent | 758a0cd8b3941935b5ec10256c336544e0d6ad41 (diff) | |
| download | php-git-8d7766a948999b990dbd13f96fa845a26d6f8f66.tar.gz | |
fix test
(cherry picked from commit ed9d916c28b042d276a28998f92eb7e6cc56025a)
| -rw-r--r-- | ext/session/tests/bug72681.phpt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ext/session/tests/bug72681.phpt b/ext/session/tests/bug72681.phpt new file mode 100644 index 0000000000..ceca6ecc33 --- /dev/null +++ b/ext/session/tests/bug72681.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #72681: PHP Session Data Injection Vulnerability +--SKIPIF-- +<?php include('skipif.inc'); ?> +--FILE-- +<?php +ini_set('session.serialize_handler', 'php'); +session_start(); +$GLOBALS['ryat'] = $GLOBALS; +$_SESSION['ryat'] = 'ryat|O:8:"stdClass":0:{}'; +session_write_close(); +session_start(); +var_dump($_SESSION); +?> +--EXPECT-- +array(0) { +} |