summaryrefslogtreecommitdiff
path: root/ext/imap/tests/bug77153.phpt
diff options
context:
space:
mode:
Diffstat (limited to 'ext/imap/tests/bug77153.phpt')
-rw-r--r--ext/imap/tests/bug77153.phpt24
1 files changed, 24 insertions, 0 deletions
diff --git a/ext/imap/tests/bug77153.phpt b/ext/imap/tests/bug77153.phpt
new file mode 100644
index 0000000000..63590aee1d
--- /dev/null
+++ b/ext/imap/tests/bug77153.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter)
+--SKIPIF--
+<?php
+ if (!extension_loaded("imap")) {
+ die("skip imap extension not available");
+ }
+?>
+--FILE--
+<?php
+$payload = "echo 'BUG'> " . __DIR__ . '/__bug';
+$payloadb64 = base64_encode($payload);
+$server = "x -oProxyCommand=echo\t$payloadb64|base64\t-d|sh}";
+@imap_open('{'.$server.':143/imap}INBOX', '', '');
+// clean
+imap_errors();
+var_dump(file_exists(__DIR__ . '/__bug'));
+?>
+--EXPECT--
+bool(false)
+--CLEAN--
+<?php
+if(file_exists(__DIR__ . '/__bug')) unlink(__DIR__ . '/__bug');
+?> \ No newline at end of file
View Lorry Controller Status