introduced suhosin.upload.allow_utf8

author: Ben Fuhrmannek 2014-07-12 09:25:28 +0200
committer: Ben Fuhrmannek 2014-07-12 09:25:28 +0200
commit: 6bb8cdbbd56c09a6864b40ce21f9a87abd942305 (patch)
tree: ae2455c089646cb118ef1efff3af4b677d3b999e /tests/filter
parent: dd270c094df080ff8438d29e14ec1bbffe0ca993 (diff)
4 files changed, 79 insertions, 0 deletions
diff --git a/tests/filter/suhosin_upload_disallow_binary_utf8.phpt b/tests/filter/suhosin_upload_disallow_binary_utf8.phpt
index 4661dc9..557a8d5 100644
--- a/tests/filter/suhosin_upload_disallow_binary_utf8.phpt
+++ b/tests/filter/suhosin_upload_disallow_binary_utf8.phpt
@@ -7,6 +7,7 @@ suhosin.log.stdout=255
 suhosin.log.script=0
 file_uploads=1
 suhosin.upload.disallow_binary=On
+suhosin.upload.allow_utf8=On
 max_file_uploads=40
 suhosin.upload.max_uploads=40
 --SKIPIF--
diff --git a/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt b/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt
new file mode 100644
index 0000000..413d25a
--- /dev/null
+++ b/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt
@@ -0,0 +1,45 @@
+--TEST--
+Testing: suhosin.upload.disallow_binary=On with UTF-8 and allow_utf8=Off
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+file_uploads=1
+suhosin.upload.disallow_binary=On
+suhosin.upload.allow_utf8=Off
+max_file_uploads=40
+suhosin.upload.max_uploads=40
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=bound
+--bound
+Content-Disposition: form-data; name="test"; filename="test"
+Spaß am Gerät!
+--bound--
+--FILE--
+<?php
+var_dump($_FILES);
+?>
+--EXPECTF--
+array(1) {
+  ["test"]=>
+  array(5) {
+    ["name"]=>
+    string(4) "test"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(0) ""
+    ["error"]=>
+    int(8)
+    ["size"]=>
+    int(0)
+  }
+}
+ALERT - uploaded file contains binary data - file dropped (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/suhosin_upload_remove_binary_utf8.phpt b/tests/filter/suhosin_upload_remove_binary_utf8.phpt
index 2d10eaa..6fbd240 100644
--- a/tests/filter/suhosin_upload_remove_binary_utf8.phpt
+++ b/tests/filter/suhosin_upload_remove_binary_utf8.phpt
@@ -8,6 +8,7 @@ suhosin.log.script=0
 file_uploads=1
 suhosin.upload.disallow_binary=Off
 suhosin.upload.remove_binary=On
+suhosin.upload.allow_utf8=On
 max_file_uploads=40
 suhosin.upload.max_uploads=40
 --SKIPIF--
diff --git a/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt b/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt
new file mode 100644
index 0000000..5c31115
--- /dev/null
+++ b/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Testing: suhosin.upload.remove_binary=On with UTF-8 and allow_utf8=Off
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+file_uploads=1
+suhosin.upload.disallow_binary=Off
+suhosin.upload.remove_binary=On
+suhosin.upload.allow_utf8=Off
+max_file_uploads=40
+suhosin.upload.max_uploads=40
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=bound
+--bound
+Content-Disposition: form-data; name="test"; filename="test"
+Spaß am Gerät!
+--bound--
+--FILE--
+<?php
+var_dump(file_get_contents($_FILES['test']['tmp_name']));
+?>
+--EXPECTF--
+string(13) "Spa am Gert!
+"
+\ No newline at end of file
author	Ben Fuhrmannek	2014-07-12 09:25:28 +0200
committer	Ben Fuhrmannek	2014-07-12 09:25:28 +0200
commit	6bb8cdbbd56c09a6864b40ce21f9a87abd942305 (patch)
tree	ae2455c089646cb118ef1efff3af4b677d3b999e /tests/filter
parent	dd270c094df080ff8438d29e14ec1bbffe0ca993 (diff)

diff --git a/tests/filter/suhosin_upload_disallow_binary_utf8.phpt b/tests/filter/suhosin_upload_disallow_binary_utf8.phpt index 4661dc9..557a8d5 100644 --- a/tests/filter/suhosin_upload_disallow_binary_utf8.phpt +++ b/tests/filter/suhosin_upload_disallow_binary_utf8.phpt
@@ -7,6 +7,7 @@ suhosin.log.stdout=255
7	suhosin.log.script=0	7	suhosin.log.script=0
8	file_uploads=1	8	file_uploads=1
9	suhosin.upload.disallow_binary=On	9	suhosin.upload.disallow_binary=On
		10	suhosin.upload.allow_utf8=On
10	max_file_uploads=40	11	max_file_uploads=40
11	suhosin.upload.max_uploads=40	12	suhosin.upload.max_uploads=40
12	--SKIPIF--	13	--SKIPIF--


diff --git a/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt b/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt new file mode 100644 index 0000000..413d25a --- /dev/null +++ b/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt
@@ -0,0 +1,45 @@
		1	--TEST--
		2	Testing: suhosin.upload.disallow_binary=On with UTF-8 and allow_utf8=Off
		3	--INI--
		4	suhosin.log.syslog=0
		5	suhosin.log.sapi=0
		6	suhosin.log.stdout=255
		7	suhosin.log.script=0
		8	file_uploads=1
		9	suhosin.upload.disallow_binary=On
		10	suhosin.upload.allow_utf8=Off
		11	max_file_uploads=40
		12	suhosin.upload.max_uploads=40
		13	--SKIPIF--
		14	<?php include('skipif.inc'); ?>
		15	--COOKIE--
		16	--GET--
		17	--POST_RAW--
		18	Content-Type: multipart/form-data; boundary=bound
		19	--bound
		20	Content-Disposition: form-data; name="test"; filename="test"
		21
		22	Spaß am Gerät!
		23
		24	--bound--
		25	--FILE--
		26	<?php
		27	var_dump($_FILES);
		28	?>
		29	--EXPECTF--
		30	array(1) {
		31	["test"]=>
		32	array(5) {
		33	["name"]=>
		34	string(4) "test"
		35	["type"]=>
		36	string(0) ""
		37	["tmp_name"]=>
		38	string(0) ""
		39	["error"]=>
		40	int(8)
		41	["size"]=>
		42	int(0)
		43	}
		44	}
		45	ALERT - uploaded file contains binary data - file dropped (attacker 'REMOTE_ADDR not set', file '%s')


diff --git a/tests/filter/suhosin_upload_remove_binary_utf8.phpt b/tests/filter/suhosin_upload_remove_binary_utf8.phpt index 2d10eaa..6fbd240 100644 --- a/tests/filter/suhosin_upload_remove_binary_utf8.phpt +++ b/tests/filter/suhosin_upload_remove_binary_utf8.phpt
@@ -8,6 +8,7 @@ suhosin.log.script=0
8	file_uploads=1	8	file_uploads=1
9	suhosin.upload.disallow_binary=Off	9	suhosin.upload.disallow_binary=Off
10	suhosin.upload.remove_binary=On	10	suhosin.upload.remove_binary=On
		11	suhosin.upload.allow_utf8=On
11	max_file_uploads=40	12	max_file_uploads=40
12	suhosin.upload.max_uploads=40	13	suhosin.upload.max_uploads=40
13	--SKIPIF--	14	--SKIPIF--


diff --git a/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt b/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt new file mode 100644 index 0000000..5c31115 --- /dev/null +++ b/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt
@@ -0,0 +1,32 @@
		1	--TEST--
		2	Testing: suhosin.upload.remove_binary=On with UTF-8 and allow_utf8=Off
		3	--INI--
		4	suhosin.log.syslog=0
		5	suhosin.log.sapi=0
		6	suhosin.log.stdout=255
		7	suhosin.log.script=0
		8	file_uploads=1
		9	suhosin.upload.disallow_binary=Off
		10	suhosin.upload.remove_binary=On
		11	suhosin.upload.allow_utf8=Off
		12	max_file_uploads=40
		13	suhosin.upload.max_uploads=40
		14	--SKIPIF--
		15	<?php include('skipif.inc'); ?>
		16	--COOKIE--
		17	--GET--
		18	--POST_RAW--
		19	Content-Type: multipart/form-data; boundary=bound
		20	--bound
		21	Content-Disposition: form-data; name="test"; filename="test"
		22
		23	Spaß am Gerät!
		24
		25	--bound--
		26	--FILE--
		27	<?php
		28	var_dump(file_get_contents($_FILES['test']['tmp_name']));
		29	?>
		30	--EXPECTF--
		31	string(13) "Spa am Gert!
		32	" \ No newline at end of file