enforce SQL username check + return FALSE instead of bailout

author: Ben Fuhrmannek 2014-07-09 13:55:58 +0200
committer: Ben Fuhrmannek 2014-07-09 13:55:58 +0200
commit: 84996270798fccffe2da890ad7a7c270d298a6e8 (patch)
tree: 2e3d1e7bdc31138e28c666232888aa21a07484d6 /tests
parent: f98d4e20ffc1238a0f84729573a46fcd8d550f1e (diff)
2 files changed, 18 insertions, 1 deletions
diff --git a/tests/sql/mysqli_connect_invalid_username.phpt b/tests/sql/mysqli_connect_invalid_username.phpt
new file mode 100644
index 0000000..532254f
--- /dev/null
+++ b/tests/sql/mysqli_connect_invalid_username.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Mysqli connect with user_match not matching username
+--INI--
+extension=mysqli.so
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = new mysqli($host, "invalid\x01_username", $passwd, $db, $port, $socket);
+?>
+--EXPECTREGEX--
+ALERT - SQL username contains invalid characters.*
+\ No newline at end of file
diff --git a/tests/sql/mysqli_user_match_ok.phpt b/tests/sql/mysqli_user_match_ok.phpt
index 4d7a438..a2ad832 100644
--- a/tests/sql/mysqli_user_match_ok.phpt
+++ b/tests/sql/mysqli_user_match_ok.phpt
@@ -1,5 +1,5 @@
 --TEST--
-Mysqli connect with user_match not matching username
+Mysqli connect with user_match matching username
 --INI--
 extension=mysqli.so
 suhosin.sql.user_match=invalid_*
author	Ben Fuhrmannek	2014-07-09 13:55:58 +0200
committer	Ben Fuhrmannek	2014-07-09 13:55:58 +0200
commit	84996270798fccffe2da890ad7a7c270d298a6e8 (patch)
tree	2e3d1e7bdc31138e28c666232888aa21a07484d6 /tests
parent	f98d4e20ffc1238a0f84729573a46fcd8d550f1e (diff)

diff --git a/tests/sql/mysqli_connect_invalid_username.phpt b/tests/sql/mysqli_connect_invalid_username.phpt new file mode 100644 index 0000000..532254f --- /dev/null +++ b/tests/sql/mysqli_connect_invalid_username.phpt
@@ -0,0 +1,17 @@
		1	--TEST--
		2	Mysqli connect with user_match not matching username
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.log.stdout=32
		6	--SKIPIF--
		7	<?php
		8	include('skipifmysqli.inc');
		9	include('skipif.inc');
		10	?>
		11	--FILE--
		12	<?php
		13	include('connect.inc');
		14	$mysqli = new mysqli($host, "invalid\x01_username", $passwd, $db, $port, $socket);
		15	?>
		16	--EXPECTREGEX--
		17	ALERT - SQL username contains invalid characters.* \ No newline at end of file


diff --git a/tests/sql/mysqli_user_match_ok.phpt b/tests/sql/mysqli_user_match_ok.phpt index 4d7a438..a2ad832 100644 --- a/tests/sql/mysqli_user_match_ok.phpt +++ b/tests/sql/mysqli_user_match_ok.phpt
@@ -1,5 +1,5 @@
1	--TEST--	1	--TEST--
2	Mysqli connect with user_match not matching username	2	Mysqli connect with user_match matching username
3	--INI--	3	--INI--
4	extension=mysqli.so	4	extension=mysqli.so
5	suhosin.sql.user_match=invalid_*	5	suhosin.sql.user_match=invalid_*