summaryrefslogtreecommitdiff
path: root/tests/include/include_etc_passwd.phpt
diff options
context:
space:
mode:
authorStefan Esser2010-02-21 11:44:54 +0100
committerStefan Esser2010-02-21 11:44:54 +0100
commit36dbfacbe64697d959f524e537b15b73c090d898 (patch)
treef1c7ce1409b0e7765fc72d550546967fcf0f9717 /tests/include/include_etc_passwd.phpt
Inital commit
Diffstat (limited to 'tests/include/include_etc_passwd.phpt')
-rw-r--r--tests/include/include_etc_passwd.phpt23
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/include/include_etc_passwd.phpt b/tests/include/include_etc_passwd.phpt
new file mode 100644
index 0000000..fb3c4e2
--- /dev/null
+++ b/tests/include/include_etc_passwd.phpt
@@ -0,0 +1,23 @@
1--TEST--
2Include "../../../../../../../../../../../etc/passwd";
3--SKIPIF--
4<?php include "../skipifcli.inc"; ?>
5--INI--
6suhosin.log.syslog=0
7suhosin.log.sapi=255
8suhosin.log.script=0
9suhosin.log.phpscript=0
10suhosin.executor.include.whitelist=
11suhosin.executor.include.blacklist=
12suhosin.executor.include.max_traversal=3
13--FILE--
14<?php
15 $var = dirname(__FILE__)."/../empty.inc";
16 include $var;
17 echo $value,"\n";
18 $var = dirname(__FILE__)."/../../../../../../../../../../../etc/passwd";
19 include $var;
20?>
21--EXPECTF--
22value-from-empty.inc
23ALERT - Include filename ('%s../../../../../../../../../../../etc/passwd') contains too many '../' (attacker 'REMOTE_ADDR not set', file '%s', line 6)