-rw-r--r-- | ext/gd/tests/imagebmp_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagegd2_nullbyte_injection.phpt | 29 | ||||
-rw-r--r-- | ext/gd/tests/imagegd_nullbyte_injection.phpt | 28 | ||||
-rw-r--r-- | ext/gd/tests/imagegif_nullbyte_injection.phpt | 21 | ||||
-rw-r--r-- | ext/gd/tests/imagejpeg_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagepng_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagewbmp_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagewebp_nullbyte_injection.phpt | 17 | ||||
-rw-r--r-- | ext/gd/tests/imagexbm_nullbyte_injection.phpt | 16 |
9 files changed, 45 insertions, 134 deletions
diff --git a/ext/gd/tests/imagebmp_nullbyte_injection.phpt b/ext/gd/tests/imagebmp_nullbyte_injection.phpt
new file mode 100644
index 0000000000..0b6d1843d3
--- /dev/null
+++ b/ext/gd/tests/imagebmp_nullbyte_injection.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Testing null byte injection in imagebmp
+--SKIPIF--
+<?php
+if(!extension_loaded('gd')) die('skip gd extension not available');
+if (!gd_info()['BMP Support']) die('skip BMP support not available');
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+var_dump(imagebmp($image, "./foo\0bar"));
+?>
+===DONE===
+--EXPECTF--
+Warning: imagebmp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+===DONE===
diff --git a/ext/gd/tests/imagegd2_nullbyte_injection.phpt b/ext/gd/tests/imagegd2_nullbyte_injection.phpt
index 537535b4c2..856acaefee 100644
--- a/ext/gd/tests/imagegd2_nullbyte_injection.phpt
+++ b/ext/gd/tests/imagegd2_nullbyte_injection.phpt
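Review bot: The new imagebmp test asserts only the warning and the `bool(false)` return, so it does not show that nothing was written to the truncated path. The tests rewritten in this commit previously checked `file_exists()` on the truncated name, which is the property a null-byte test is there to protect. I would add `var_dump(file_exists("./foo"));` after the `imagebmp()` call, with a matching `bool(false)` line in `--EXPECTF--`. The same gap applies to the other tests touched here: imagegd2, imagegd, imagegif, imagejpeg, imagepng, imagewbmp, imagewebp and imagexbm.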
@@ -4,33 +4,12 @@ Testing null byte injection in imagegd2 <?php if(!extension_loaded('gd')){ die('skip gd extension not available'); } ?> ---CLEAN-- -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } -rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagegd2 TEST\n"; -try { - imagegd2($image, $temp); -} catch (TypeError $e) { - echo $e->getMessage(), "\n"; -} -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagegd2($image, "./foo\0bar")); +?> ?> --EXPECT-- -imagegd2 TEST -imagegd2() expects parameter 2 to be a valid path, string given -bool(false) -bool(false) +Warning: imagegd2() expects parameter 2 to be a valid path, string given in %s on line %d +NULL diff --git a/ext/gd/tests/imagegd_nullbyte_injection.phpt b/ext/gd/tests/imagegd_nullbyte_injection.phpt index dbfff3bd93..6bcc0ee2bc 100644 --- a/ext/gd/tests/imagegd_nullbyte_injection.phpt +++ b/ext/gd/tests/imagegd_nullbyte_injection.phpt 
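Review bot: The rewritten imagegd2 test cannot pass as written, for two reasons visible in this hunk. The added `?>` sits directly above the existing `?>` context line, so the second tag is emitted as literal output that the expectation does not contain. The new expectation also uses `%s` and `%d` under the unchanged `--EXPECT--` header, which is compared literally. Drop the added `?>` and change the header to `--EXPECTF--`. The imagegd hunk has the same `--EXPECT--` problem without the doubled tag, while the new imagexbm test already uses `--EXPECTF--`.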
@@ -4,33 +4,11 @@ Testing null byte injection in imagegd <?php if(!extension_loaded('gd')){ die('skip gd extension not available'); } ?> ---CLEAN-- -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } -rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagegd TEST\n"; -try { - imagegd($image, $temp); -} catch (TypeError $e) { - echo $e->getMessage(), "\n"; -} -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagegd($image, "./foo\0bar")); ?> --EXPECT-- -imagegd TEST -imagegd() expects parameter 2 to be a valid path, string given -bool(false) -bool(false) +Warning: imagegd() expects parameter 2 to be a valid path, string given in %s on line %d +NULL diff --git a/ext/gd/tests/imagegif_nullbyte_injection.phpt b/ext/gd/tests/imagegif_nullbyte_injection.phpt index 0f3e5b8bad..c5acdd489e 100644 --- a/ext/gd/tests/imagegif_nullbyte_injection.phpt +++ b/ext/gd/tests/imagegif_nullbyte_injection.phpt @@ -3,10 +3,6 @@ Testing null byte injection in imagegif --SKIPIF-- <?php if(!extension_loaded('gd')){ die('skip gd extension not available'); } -$support = gd_info(); -if (!isset($support['GIF Create Support']) || $support['GIF Create Support'] === false) { - print 'skip gif support not available'; -} ?> --CLEAN-- $tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); 
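Review bot: The imagegif `--SKIPIF--` hunk removes the `GIF Create Support` check, so on a GD build without GIF output the test would presumably fail rather than be skipped. This is inconsistent with the new imagebmp test in the same commit, which adds `if (!gd_info()['BMP Support']) die('skip BMP support not available');`. Keeping a one-line equivalent such as `if (!(gd_info()['GIF Create Support'] ?? false)) die('skip GIF support not available');` would preserve the skip while staying as short as the other rewritten tests.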
@@ -15,23 +11,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagegif TEST\n"; -imagegif($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagegif($image, "./foo\0bar")); ?> --EXPECTF-- -imagegif TEST - Warning: imagegif(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagejpeg_nullbyte_injection.phpt b/ext/gd/tests/imagejpeg_nullbyte_injection.phpt index 38eadab4ae..29cb537c3a 100644 --- a/ext/gd/tests/imagejpeg_nullbyte_injection.phpt +++ b/ext/gd/tests/imagejpeg_nullbyte_injection.phpt @@ -15,23 +15,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagejpeg TEST\n"; -imagejpeg($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagejpeg($image, "./foo\0bar")); ?> --EXPECTF-- -imagejpeg TEST - Warning: imagejpeg(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagepng_nullbyte_injection.phpt b/ext/gd/tests/imagepng_nullbyte_injection.phpt index bc9c340397..271d4d5bd3 100644 --- a/ext/gd/tests/imagepng_nullbyte_injection.phpt +++ b/ext/gd/tests/imagepng_nullbyte_injection.phpt 
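Review bot: The `--CLEAN--` section is left in place in imagegif, although the rewritten `--FILE--` body no longer creates `$tempdir` or any `test*` file. It is visible as context in the preceding hunk and as `rmdir($tempdir);` in this hunk's header. The imagegd and imagegd2 hunks delete that section, and the remaining files should do the same rather than keep cleanup for a directory that never exists. Judging by their `rmdir($tempdir);` hunk headers, the same leftover applies to imagejpeg, imagepng, imagewbmp and imagewebp; their `--CLEAN--` sections start outside the hunks shown.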
@@ -15,23 +15,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagepng TEST\n"; -imagepng($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagepng($image, "./foo\0bar")); ?> --EXPECTF-- -imagepng TEST - Warning: imagepng(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagewbmp_nullbyte_injection.phpt b/ext/gd/tests/imagewbmp_nullbyte_injection.phpt index 466584f968..fc5d238f41 100644 --- a/ext/gd/tests/imagewbmp_nullbyte_injection.phpt +++ b/ext/gd/tests/imagewbmp_nullbyte_injection.phpt @@ -15,23 +15,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagewbmp TEST\n"; -imagewbmp($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagewbmp($image, "./foo\0bar")); ?> --EXPECTF-- -imagewbmp TEST - Warning: imagewbmp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagewebp_nullbyte_injection.phpt b/ext/gd/tests/imagewebp_nullbyte_injection.phpt index 9d46a21140..d778d0a379 100644 --- a/ext/gd/tests/imagewebp_nullbyte_injection.phpt +++ b/ext/gd/tests/imagewebp_nullbyte_injection.phpt 
@@ -15,23 +15,8 @@ rmdir($tempdir); --FILE-- <?php $image = imagecreate(1,1);// 1px image - -$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); -if (!is_dir($tempdir)) { - mkdir ($tempdir, 0777, true); -} - -$userinput = "1\0"; // from post or get data -$temp = $tempdir. "/test" . $userinput .".tmp"; - -echo "\nimagewebp TEST\n"; -imagewebp($image, $temp); -var_dump(file_exists($tempdir. "/test1")); -var_dump(file_exists($tempdir. "/test1.tmp")); +var_dump(imagewebp($image, "./foo\0bar")); ?> --EXPECTF-- -imagewebp TEST - Warning: imagewebp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d bool(false) -bool(false) diff --git a/ext/gd/tests/imagexbm_nullbyte_injection.phpt b/ext/gd/tests/imagexbm_nullbyte_injection.phpt new file mode 100644 index 0000000000..b485315064 --- /dev/null +++ b/ext/gd/tests/imagexbm_nullbyte_injection.phpt @@ -0,0 +1,16 @@ +--TEST-- +Testing null byte injection in imagexbm +--SKIPIF-- +<?php +if(!extension_loaded('gd')) die('skip gd extension not available'); +?> +--FILE-- +<?php +$image = imagecreate(1,1);// 1px image +var_dump(imagexbm($image, "./foo\0bar")); +?> +===DONE=== +--EXPECTF-- +Warning: imagexbm() expects parameter 2 to be a valid path, string given in %s on line %d +NULL +===DONE=== |