diff options
95 files changed, 452 insertions, 161 deletions
| @@ -25,4 +25,4 @@ | |||
| 25 | /modules/ | 25 | /modules/ |
| 26 | /run-tests.php | 26 | /run-tests.php |
| 27 | /suhosin.la | 27 | /suhosin.la |
| 28 | 28 | /tests/*/*.tmp | |
| @@ -261,10 +261,14 @@ log_file: | |||
| 261 | return; | 261 | return; |
| 262 | } | 262 | } |
| 263 | 263 | ||
| 264 | gettimeofday(&tv, NULL); | 264 | if (SUHOSIN_G(log_file_time)) { |
| 265 | now = tv.tv_sec; | 265 | gettimeofday(&tv, NULL); |
| 266 | php_localtime_r(&now, &tm); | 266 | now = tv.tv_sec; |
| 267 | ap_php_snprintf(error, sizeof(error), "%s %2d %02d:%02d:%02d [%u] %s\n", month_names[tm.tm_mon], tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, getpid(),buf); | 267 | php_localtime_r(&now, &tm); |
| 268 | ap_php_snprintf(error, sizeof(error), "%s %2d %02d:%02d:%02d [%u] %s\n", month_names[tm.tm_mon], tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec, getpid(),buf); | ||
| 269 | } else { | ||
| 270 | ap_php_snprintf(error, sizeof(error), "%s\n", buf); | ||
| 271 | } | ||
| 268 | towrite = strlen(error); | 272 | towrite = strlen(error); |
| 269 | wbuf = error; | 273 | wbuf = error; |
| 270 | php_flock(fd, LOCK_EX); | 274 | php_flock(fd, LOCK_EX); |
| @@ -290,7 +294,7 @@ log_sapi: | |||
| 290 | #endif | 294 | #endif |
| 291 | } | 295 | } |
| 292 | if ((SUHOSIN_G(log_stdout) & loglevel)!=0) { | 296 | if ((SUHOSIN_G(log_stdout) & loglevel)!=0) { |
| 293 | printf("%s\n", buf); | 297 | fprintf(stdout, "%s\n", buf); |
| 294 | } | 298 | } |
| 295 | 299 | ||
| 296 | /*log_script:*/ | 300 | /*log_script:*/ |
diff --git a/php_suhosin.h b/php_suhosin.h index 7be628a..28a88eb 100644 --- a/php_suhosin.h +++ b/php_suhosin.h | |||
| @@ -252,7 +252,9 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin) | |||
| 252 | zend_bool upload_disallow_elf; | 252 | zend_bool upload_disallow_elf; |
| 253 | zend_bool upload_disallow_binary; | 253 | zend_bool upload_disallow_binary; |
| 254 | zend_bool upload_remove_binary; | 254 | zend_bool upload_remove_binary; |
| 255 | #ifdef SUHOSIN_EXPERIMENTAL | ||
| 255 | zend_bool upload_allow_utf8; | 256 | zend_bool upload_allow_utf8; |
| 257 | #endif | ||
| 256 | char *upload_verification_script; | 258 | char *upload_verification_script; |
| 257 | 259 | ||
| 258 | zend_bool no_more_variables; | 260 | zend_bool no_more_variables; |
| @@ -277,6 +279,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin) | |||
| 277 | zend_bool log_phpscript_is_safe; | 279 | zend_bool log_phpscript_is_safe; |
| 278 | long log_file; | 280 | long log_file; |
| 279 | char *log_filename; | 281 | char *log_filename; |
| 282 | zend_bool log_file_time; | ||
| 280 | 283 | ||
| 281 | /* header handler */ | 284 | /* header handler */ |
| 282 | zend_bool allow_multiheader; | 285 | zend_bool allow_multiheader; |
diff --git a/pkg/build_deb.sh b/pkg/build_deb.sh new file mode 100755 index 0000000..d4a44fa --- /dev/null +++ b/pkg/build_deb.sh | |||
| @@ -0,0 +1,119 @@ | |||
| 1 | #!/bin/bash | ||
| 2 | |||
| 3 | _exit() { | ||
| 4 | echo "[E] bye." | ||
| 5 | exit 1 | ||
| 6 | } | ||
| 7 | |||
| 8 | yn_or_exit() { | ||
| 9 | echo -n "[?] OK? [y] " | ||
| 10 | read yn | ||
| 11 | if [ "$yn" != "" -a "$yn" != "y" ]; then | ||
| 12 | _exit | ||
| 13 | fi | ||
| 14 | } | ||
| 15 | |||
| 16 | ## | ||
| 17 | |||
| 18 | echo "[*] checking prerequisites..." | ||
| 19 | for i in phpize make install fakeroot php-config dpkg-deb dpkg-architecture; do | ||
| 20 | if [ "`which $i`" == "" ]; then | ||
| 21 | echo "[E] please install '$i' and try again." | ||
| 22 | _exit | ||
| 23 | fi | ||
| 24 | done | ||
| 25 | |||
| 26 | ## | ||
| 27 | |||
| 28 | HERE=`(cd $(dirname $0); pwd)` | ||
| 29 | SUHOSIN=$HERE/.. | ||
| 30 | ROOT=$HERE/tmp | ||
| 31 | PKGDIR=$HERE | ||
| 32 | PHP_EX=`php-config --extension-dir` | ||
| 33 | eval `dpkg-architecture -l` | ||
| 34 | VERSION=${SUHOSIN_VERSION:-$1} | ||
| 35 | |||
| 36 | if [ "$VERSION" == "" ]; then | ||
| 37 | echo "[E] please set SUHOSIN_VERSION, e.g. $0 0.9.36-1~dev1" | ||
| 38 | _exit | ||
| 39 | fi | ||
| 40 | |||
| 41 | echo "[*] -----------------------------------------------------------" | ||
| 42 | echo "[+] suhosin dir: $SUHOSIN" | ||
| 43 | echo "[+] tmp dir: $ROOT" | ||
| 44 | echo "[+] PHP extension dir: $PHP_EX" | ||
| 45 | echo "[+] architecture: $DEB_HOST_ARCH" | ||
| 46 | echo "[+] suhosin deb version: $VERSION" | ||
| 47 | echo "[+] pkg output dir: $PKGDIR" | ||
| 48 | yn_or_exit | ||
| 49 | |||
| 50 | if [ ! -f "$SUHOSIN/modules/suhosin.so" ]; then | ||
| 51 | echo "[+] Cannot find suhosin.so. I will try to build it." | ||
| 52 | yn_or_exit | ||
| 53 | |||
| 54 | if [ ! -f "$SUHOSIN/configure" ]; then | ||
| 55 | echo "[*] phpize" | ||
| 56 | cd $SUHOSIN | ||
| 57 | phpize || _exit | ||
| 58 | fi | ||
| 59 | |||
| 60 | if [ ! -f "$SUHOSIN/Makefile" ]; then | ||
| 61 | echo "[*] configure" | ||
| 62 | cd $SUHOSIN | ||
| 63 | ./configure --enable-suhosin-experimental | ||
| 64 | fi | ||
| 65 | |||
| 66 | echo "[*] make" | ||
| 67 | make clean | ||
| 68 | make -C $SUHOSIN || _exit | ||
| 69 | fi | ||
| 70 | |||
| 71 | ## | ||
| 72 | |||
| 73 | echo "[*] deb" | ||
| 74 | |||
| 75 | if [ -d "$ROOT" ]; then | ||
| 76 | echo "[+] tmp dir $ROOT already exists. Delete?" | ||
| 77 | yn_or_exit | ||
| 78 | rm -rf $ROOT | ||
| 79 | fi | ||
| 80 | |||
| 81 | ## | ||
| 82 | |||
| 83 | mkdir -p $ROOT/DEBIAN | ||
| 84 | echo "9" >$ROOT/DEBIAN/compat | ||
| 85 | cat >$ROOT/DEBIAN/control <<EOF | ||
| 86 | Package: php5-suhosin-extension | ||
| 87 | Section: php | ||
| 88 | Priority: extra | ||
| 89 | Maintainer: Ben Fuhrmannek <ben@sektioneins.de> | ||
| 90 | Homepage: http://www.suhosin.org/ | ||
| 91 | Conflicts: php5-suhosin | ||
| 92 | Description: advanced protection system for PHP5 | ||
| 93 | This package provides a PHP hardening module. | ||
| 94 | . | ||
| 95 | Suhosin is an advanced protection system for PHP installations. It was | ||
| 96 | designed to protect servers and users from known and unknown flaws in PHP | ||
| 97 | applications and the PHP core. Suhosin comes in two independent parts, that | ||
| 98 | can be used separately or in combination. The first part is a small patch | ||
| 99 | against the PHP core, that implements a few low-level protections against | ||
| 100 | bufferoverflows or format string vulnerabilities and the second part is a | ||
| 101 | powerful PHP extension that implements all the other protections. | ||
| 102 | . | ||
| 103 | This Package provides the suhosin extension only. | ||
| 104 | EOF | ||
| 105 | |||
| 106 | echo "Architecture: $DEB_HOST_ARCH" >>$ROOT/DEBIAN/control | ||
| 107 | echo "Version: $VERSION" >>$ROOT/DEBIAN/control | ||
| 108 | |||
| 109 | install -d -g 0 -o 0 $ROOT$PHP_EX | ||
| 110 | install -g 0 -o 0 $SUHOSIN/modules/suhosin.so $ROOT$PHP_EX | ||
| 111 | install -d -g 0 -o 0 $ROOT/usr/share/doc/php5-suhosin-extension | ||
| 112 | install -g 0 -o 0 -m 644 $SUHOSIN/suhosin.ini $ROOT/usr/share/doc/php5-suhosin-extension/suhosin.ini.example | ||
| 113 | install -d -g 0 -o 0 $ROOT/etc/php5/mods-available | ||
| 114 | sed -e 's/^;extension=/extension=/' $SUHOSIN/suhosin.ini >$ROOT/etc/php5/mods-available/suhosin.ini | ||
| 115 | chown root:root $ROOT/etc/php5/mods-available/suhosin.ini | ||
| 116 | |||
| 117 | fakeroot dpkg-deb -b $ROOT $PKGDIR | ||
| 118 | |||
| 119 | echo "[*] done." | ||
| @@ -750,6 +750,7 @@ static zend_ini_entry shared_ini_entries[] = { | |||
| 750 | STD_ZEND_INI_ENTRY("suhosin.log.phpscript.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogString, log_phpscriptname, zend_suhosin_globals, suhosin_globals) | 750 | STD_ZEND_INI_ENTRY("suhosin.log.phpscript.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogString, log_phpscriptname, zend_suhosin_globals, suhosin_globals) |
| 751 | ZEND_INI_ENTRY("suhosin.log.file", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_file) | 751 | ZEND_INI_ENTRY("suhosin.log.file", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_file) |
| 752 | STD_ZEND_INI_ENTRY("suhosin.log.file.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogString, log_filename, zend_suhosin_globals, suhosin_globals) | 752 | STD_ZEND_INI_ENTRY("suhosin.log.file.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogString, log_filename, zend_suhosin_globals, suhosin_globals) |
| 753 | STD_ZEND_INI_BOOLEAN("suhosin.log.file.time", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_file_time, zend_suhosin_globals, suhosin_globals) | ||
| 753 | STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals) | 754 | STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals) |
| 754 | ZEND_INI_END() | 755 | ZEND_INI_END() |
| 755 | 756 | ||
| @@ -826,7 +827,9 @@ PHP_INI_BEGIN() | |||
| 826 | STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals) | 827 | STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals) |
| 827 | STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals) | 828 | STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals) |
| 828 | STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals) | 829 | STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals) |
| 829 | STD_PHP_INI_ENTRY("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals) | 830 | #ifdef SUHOSIN_EXPERIMENTAL |
| 831 | STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals) | ||
| 832 | #endif | ||
| 830 | STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals) | 833 | STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals) |
| 831 | 834 | ||
| 832 | 835 | ||
diff --git a/suhosin.ini b/suhosin.ini index 3ae8ff5..311bca7 100644 --- a/suhosin.ini +++ b/suhosin.ini | |||
| @@ -105,9 +105,6 @@ | |||
| 105 | ; | LOG_LOCAL7 | 31 | | 105 | ; | LOG_LOCAL7 | 31 | |
| 106 | ; +--------------+-------+ | 106 | ; +--------------+-------+ |
| 107 | ; | 107 | ; |
| 108 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 109 | ; the numeric value. | ||
| 110 | ; | ||
| 111 | ;suhosin.log.syslog.facility = LOG_USER | 108 | ;suhosin.log.syslog.facility = LOG_USER |
| 112 | ; | 109 | ; |
| 113 | 110 | ||
| @@ -141,9 +138,6 @@ | |||
| 141 | ; |LOG_ERR | 7 | | 138 | ; |LOG_ERR | 7 | |
| 142 | ; +------------+-------+ | 139 | ; +------------+-------+ |
| 143 | ; | 140 | ; |
| 144 | ; Using constant names is only supported with the Suhosin-Patch. If in doubt, use | ||
| 145 | ; the numeric value. | ||
| 146 | ; | ||
| 147 | ;suhosin.log.syslog.priority = LOG_ALERT | 141 | ;suhosin.log.syslog.priority = LOG_ALERT |
| 148 | ; | 142 | ; |
| 149 | 143 | ||
| @@ -1325,8 +1319,8 @@ | |||
| 1325 | ; * Type: Boolean | 1319 | ; * Type: Boolean |
| 1326 | ; * Default: Off | 1320 | ; * Default: Off |
| 1327 | ; | 1321 | ; |
| 1328 | ; This option allows UTF-8 along with ASCII when using | 1322 | ; This is an experimental feature. This option allows UTF-8 along with ASCII when |
| 1329 | ; `suhosin.upload.disallow_binary` or `suhosin.upload.remove_binary`. | 1323 | ; using `suhosin.upload.disallow_binary` or `suhosin.upload.remove_binary`. |
| 1330 | ; | 1324 | ; |
| 1331 | ;suhosin.upload.allow_utf8 = Off | 1325 | ;suhosin.upload.allow_utf8 = Off |
| 1332 | ; | 1326 | ; |
diff --git a/tests/executor/allow_symlink_off.phpt b/tests/executor/allow_symlink_off.phpt index 782d818..8abdee8 100644 --- a/tests/executor/allow_symlink_off.phpt +++ b/tests/executor/allow_symlink_off.phpt | |||
| @@ -5,10 +5,13 @@ suhosin.executor.allow_symlink=Off | |||
| 5 | --INI-- | 5 | --INI-- |
| 6 | error_reporting=E_ALL | 6 | error_reporting=E_ALL |
| 7 | open_basedir= | 7 | open_basedir= |
| 8 | suhosin.log.stdout=255 | ||
| 9 | suhosin.log.script=0 | ||
| 10 | suhosin.log.syslog=0 | 8 | suhosin.log.syslog=0 |
| 11 | suhosin.log.sapi=0 | 9 | suhosin.log.sapi=0 |
| 10 | suhosin.log.script=0 | ||
| 11 | suhosin.log.file=255 | ||
| 12 | suhosin.log.file.time=0 | ||
| 13 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 14 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 12 | suhosin.executor.allow_symlink=Off | 15 | suhosin.executor.allow_symlink=Off |
| 13 | --FILE-- | 16 | --FILE-- |
| 14 | <?php | 17 | <?php |
diff --git a/tests/filter/filter_logging_statistics.phpt b/tests/filter/filter_logging_statistics.phpt index a448d78..d7550fd 100644 --- a/tests/filter/filter_logging_statistics.phpt +++ b/tests/filter/filter_logging_statistics.phpt | |||
| @@ -3,12 +3,15 @@ suhosin variable filter logging statistics | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.get.max_vars=5 | 11 | suhosin.get.max_vars=5 |
| 9 | error_reporting=E_ALL | 12 | error_reporting=E_ALL |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | A=A&B=B&C=C&D=D&E=E&F=F&G=G& | 17 | A=A&B=B&C=C&D=D&E=E&F=F&G=G& |
diff --git a/tests/filter/get_filter_1.phpt b/tests/filter/get_filter_1.phpt index 0ab079c..a4218be 100644 --- a/tests/filter/get_filter_1.phpt +++ b/tests/filter/get_filter_1.phpt | |||
| @@ -3,10 +3,13 @@ suhosin GET filter (disallowed variable names) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | --SKIPIF-- | 11 | --SKIPIF-- |
| 9 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 10 | --COOKIE-- | 13 | --COOKIE-- |
| 11 | --GET-- | 14 | --GET-- |
| 12 | HTTP_RAW_POST_DATA=HTTP_RAW_POST_DATA&HTTP_SESSION_VARS=HTTP_SESSION_VARS&harmless1=harmless1&HTTP_SERVER_VARS=HTTP_SERVER_VARS&HTTP_COOKIE_VARS=HTTP_COOKIE_VARS&HTTP_POST_FILES=HTTP_POST_FILES&HTTP_POST_VARS=HTTP_POST_VARS&HTTP_GET_VARS=HTTP_GET_VARS&HTTP_ENV_VARS=HTTP_ENV_VARS&_SESSION=_SESSION&_REQUEST=_REQUEST&GLOBALS=GLOBALS&_COOKIE=_COOKIE&_SERVER=_SERVER&_FILES=_FILES&_POST=_POST&_ENV=_ENV&_GET=_GET&harmless2=harmless2& | 15 | HTTP_RAW_POST_DATA=HTTP_RAW_POST_DATA&HTTP_SESSION_VARS=HTTP_SESSION_VARS&harmless1=harmless1&HTTP_SERVER_VARS=HTTP_SERVER_VARS&HTTP_COOKIE_VARS=HTTP_COOKIE_VARS&HTTP_POST_FILES=HTTP_POST_FILES&HTTP_POST_VARS=HTTP_POST_VARS&HTTP_GET_VARS=HTTP_GET_VARS&HTTP_ENV_VARS=HTTP_ENV_VARS&_SESSION=_SESSION&_REQUEST=_REQUEST&GLOBALS=GLOBALS&_COOKIE=_COOKIE&_SERVER=_SERVER&_FILES=_FILES&_POST=_POST&_ENV=_ENV&_GET=_GET&harmless2=harmless2& |
diff --git a/tests/filter/get_filter_2.phpt b/tests/filter/get_filter_2.phpt index 189ac28..5aa53d7 100644 --- a/tests/filter/get_filter_2.phpt +++ b/tests/filter/get_filter_2.phpt | |||
| @@ -3,11 +3,14 @@ suhosin GET filter (suhosin.get.max_vars) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.get.max_vars=5 | 11 | suhosin.get.max_vars=5 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | --GET-- | 15 | --GET-- |
| 13 | A=A&B=B&C=C&D=D&E=E&F=F&G=G& | 16 | A=A&B=B&C=C&D=D&E=E&F=F&G=G& |
diff --git a/tests/filter/get_filter_allow_ws.phpt b/tests/filter/get_filter_allow_ws.phpt index 41b230e..2a0445c 100644 --- a/tests/filter/get_filter_allow_ws.phpt +++ b/tests/filter/get_filter_allow_ws.phpt | |||
| @@ -10,7 +10,7 @@ suhosin.get.disallow_ws=0 | |||
| 10 | suhosin.post.disallow_ws=0 | 10 | suhosin.post.disallow_ws=0 |
| 11 | suhosin.cookie.disallow_ws=0 | 11 | suhosin.cookie.disallow_ws=0 |
| 12 | --SKIPIF-- | 12 | --SKIPIF-- |
| 13 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 14 | --COOKIE-- | 14 | --COOKIE-- |
| 15 | +var1=1;var2=2;%20var3=3; var4=4; | 15 | +var1=1;var2=2;%20var3=3; var4=4; |
| 16 | --GET-- | 16 | --GET-- |
diff --git a/tests/filter/get_filter_cookie_disallow_ws.phpt b/tests/filter/get_filter_cookie_disallow_ws.phpt index 4da6716..3065b7d 100644 --- a/tests/filter/get_filter_cookie_disallow_ws.phpt +++ b/tests/filter/get_filter_cookie_disallow_ws.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.cookie.disallow_ws) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.cookie.disallow_ws=1 | 11 | suhosin.cookie.disallow_ws=1 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | +var1=1;var2=2;%20var3=3; var4=4; | 15 | +var1=1;var2=2;%20var3=3; var4=4; |
| 13 | --GET-- | 16 | --GET-- |
diff --git a/tests/filter/get_filter_get_disallow_ws.phpt b/tests/filter/get_filter_get_disallow_ws.phpt index b92dd73..9495486 100644 --- a/tests/filter/get_filter_get_disallow_ws.phpt +++ b/tests/filter/get_filter_get_disallow_ws.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.get.disallow_ws) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.get.disallow_ws=1 | 11 | suhosin.get.disallow_ws=1 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | --GET-- | 15 | --GET-- |
| 13 | +var1=1&var2=2&%20var3=3& var4=4& | 16 | +var1=1&var2=2&%20var3=3& var4=4& |
diff --git a/tests/filter/get_filter_post_disallow_ws.phpt b/tests/filter/get_filter_post_disallow_ws.phpt index 55c7cf1..003afa5 100644 --- a/tests/filter/get_filter_post_disallow_ws.phpt +++ b/tests/filter/get_filter_post_disallow_ws.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.post.disallow_ws) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.post.disallow_ws=1 | 11 | suhosin.post.disallow_ws=1 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | --GET-- | 15 | --GET-- |
| 13 | --POST-- | 16 | --POST-- |
diff --git a/tests/filter/get_filter_request_disallow_ws.phpt b/tests/filter/get_filter_request_disallow_ws.phpt index fd22d62..fe69e78 100644 --- a/tests/filter/get_filter_request_disallow_ws.phpt +++ b/tests/filter/get_filter_request_disallow_ws.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.request.disallow_ws) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.disallow_ws=1 | 11 | suhosin.request.disallow_ws=1 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | --GET-- | 15 | --GET-- |
| 13 | +var1=1&var2=2&%20var3=3& var4=4& | 16 | +var1=1&var2=2&%20var3=3& var4=4& |
diff --git a/tests/filter/input_filter_allow_nul.phpt b/tests/filter/input_filter_allow_nul.phpt index 478d4b4..a913189 100644 --- a/tests/filter/input_filter_allow_nul.phpt +++ b/tests/filter/input_filter_allow_nul.phpt | |||
| Binary files differ | |||
diff --git a/tests/filter/input_filter_cookie_disallow_nul.phpt b/tests/filter/input_filter_cookie_disallow_nul.phpt index dab9241..ae05ac6 100644 --- a/tests/filter/input_filter_cookie_disallow_nul.phpt +++ b/tests/filter/input_filter_cookie_disallow_nul.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.cookie.disallow_nul) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.disallow_nul=0 | 11 | suhosin.request.disallow_nul=0 |
| 9 | suhosin.cookie.disallow_nul=1 | 12 | suhosin.cookie.disallow_nul=1 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | var1=xx%001;var2=2;var3=xx%003;var4=4; | 16 | var1=xx%001;var2=2;var3=xx%003;var4=4; |
| 14 | --GET-- | 17 | --GET-- |
diff --git a/tests/filter/input_filter_cookie_max_array_depth.phpt b/tests/filter/input_filter_cookie_max_array_depth.phpt index 10fc667..327fa36 100644 --- a/tests/filter/input_filter_cookie_max_array_depth.phpt +++ b/tests/filter/input_filter_cookie_max_array_depth.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.cookie.max_array_depth) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_depth=0 | 11 | suhosin.request.max_array_depth=0 |
| 9 | suhosin.cookie.max_array_depth=4 | 12 | suhosin.cookie.max_array_depth=4 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | var1[]=1;var2[][]=2;var3[][][]=3;var4[][][][]=4;var5[][][][][]=5;var6[][][][][][]=6; | 16 | var1[]=1;var2[][]=2;var3[][][]=3;var4[][][][]=4;var5[][][][][]=5;var6[][][][][][]=6; |
| 14 | --GET-- | 17 | --GET-- |
diff --git a/tests/filter/input_filter_cookie_max_array_index_length.phpt b/tests/filter/input_filter_cookie_max_array_index_length.phpt index 76dcad4..b954e63 100644 --- a/tests/filter/input_filter_cookie_max_array_index_length.phpt +++ b/tests/filter/input_filter_cookie_max_array_index_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.cookie.max_array_index_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_index_length=0 | 11 | suhosin.request.max_array_index_length=0 |
| 9 | suhosin.cookie.max_array_index_length=3 | 12 | suhosin.cookie.max_array_index_length=3 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | var1[AAA]=1;var2[BBBB]=1;var3[AAA][BBB]=1;var4[AAA][BBBB]=4;var5[AAA][BBB][CCC]=1;var6[AAA][BBBB][CCC]=1; | 16 | var1[AAA]=1;var2[BBBB]=1;var3[AAA][BBB]=1;var4[AAA][BBBB]=4;var5[AAA][BBB][CCC]=1;var6[AAA][BBBB][CCC]=1; |
| 14 | --GET-- | 17 | --GET-- |
diff --git a/tests/filter/input_filter_cookie_max_name_length.phpt b/tests/filter/input_filter_cookie_max_name_length.phpt index b655424..38b8558 100644 --- a/tests/filter/input_filter_cookie_max_name_length.phpt +++ b/tests/filter/input_filter_cookie_max_name_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.cookie.max_name_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_varname_length=0 | 11 | suhosin.request.max_varname_length=0 |
| 9 | suhosin.cookie.max_name_length=4 | 12 | suhosin.cookie.max_name_length=4 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6; | 16 | var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6; |
| 14 | --GET-- | 17 | --GET-- |
diff --git a/tests/filter/input_filter_cookie_max_totalname_length.phpt b/tests/filter/input_filter_cookie_max_totalname_length.phpt index b356dc6..b9324fc 100644 --- a/tests/filter/input_filter_cookie_max_totalname_length.phpt +++ b/tests/filter/input_filter_cookie_max_totalname_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.cookie.max_totalname_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_totalname_length=0 | 11 | suhosin.request.max_totalname_length=0 |
| 9 | suhosin.cookie.max_totalname_length=7 | 12 | suhosin.cookie.max_totalname_length=7 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6; | 16 | var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6; |
| 14 | --GET-- | 17 | --GET-- |
diff --git a/tests/filter/input_filter_cookie_max_value_length.phpt b/tests/filter/input_filter_cookie_max_value_length.phpt index fb8b3d8..d691c9e 100644 --- a/tests/filter/input_filter_cookie_max_value_length.phpt +++ b/tests/filter/input_filter_cookie_max_value_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.cookie.max_value_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_value_length=0 | 11 | suhosin.request.max_value_length=0 |
| 9 | suhosin.cookie.max_value_length=3 | 12 | suhosin.cookie.max_value_length=3 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | var1=1;var2=22;var3=333;var4=4444;var5=55%00555;var6=666666; | 16 | var1=1;var2=22;var3=333;var4=4444;var5=55%00555;var6=666666; |
| 14 | --GET-- | 17 | --GET-- |
diff --git a/tests/filter/input_filter_cookie_max_vars.phpt b/tests/filter/input_filter_cookie_max_vars.phpt index 9047df3..fed391e 100644 --- a/tests/filter/input_filter_cookie_max_vars.phpt +++ b/tests/filter/input_filter_cookie_max_vars.phpt | |||
| @@ -5,8 +5,11 @@ suhosin input filter (suhosin.cookie.max_vars) | |||
| 5 | --INI-- | 5 | --INI-- |
| 6 | suhosin.log.syslog=0 | 6 | suhosin.log.syslog=0 |
| 7 | suhosin.log.sapi=0 | 7 | suhosin.log.sapi=0 |
| 8 | suhosin.log.stdout=255 | ||
| 9 | suhosin.log.script=0 | 8 | suhosin.log.script=0 |
| 9 | suhosin.log.file=255 | ||
| 10 | suhosin.log.file.time=0 | ||
| 11 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 12 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 10 | suhosin.cookie.max_vars=3 | 13 | suhosin.cookie.max_vars=3 |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | a=1; b=2; c=3; d=4 | 15 | a=1; b=2; c=3; d=4 |
diff --git a/tests/filter/input_filter_get_disallow_nul.phpt b/tests/filter/input_filter_get_disallow_nul.phpt index b7c2ad4..5a5b506 100644 --- a/tests/filter/input_filter_get_disallow_nul.phpt +++ b/tests/filter/input_filter_get_disallow_nul.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.get.disallow_nul) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.disallow_nul=0 | 11 | suhosin.request.disallow_nul=0 |
| 9 | suhosin.get.disallow_nul=1 | 12 | suhosin.get.disallow_nul=1 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | var1=xx%001&var2=2&var3=xx%003&var4=4& | 17 | var1=xx%001&var2=2&var3=xx%003&var4=4& |
diff --git a/tests/filter/input_filter_get_max_array_depth.phpt b/tests/filter/input_filter_get_max_array_depth.phpt index 9a32f29..99fb666 100644 --- a/tests/filter/input_filter_get_max_array_depth.phpt +++ b/tests/filter/input_filter_get_max_array_depth.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.get.max_array_depth) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_depth=0 | 11 | suhosin.request.max_array_depth=0 |
| 9 | suhosin.get.max_array_depth=4 | 12 | suhosin.get.max_array_depth=4 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6& | 17 | var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6& |
diff --git a/tests/filter/input_filter_get_max_array_index_length.phpt b/tests/filter/input_filter_get_max_array_index_length.phpt index 890ec8e..54bf610 100644 --- a/tests/filter/input_filter_get_max_array_index_length.phpt +++ b/tests/filter/input_filter_get_max_array_index_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.get.max_array_index_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_index_length=0 | 11 | suhosin.request.max_array_index_length=0 |
| 9 | suhosin.get.max_array_index_length=3 | 12 | suhosin.get.max_array_index_length=3 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1 | 17 | var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1 |
diff --git a/tests/filter/input_filter_get_max_name_length.phpt b/tests/filter/input_filter_get_max_name_length.phpt index 4fab0a0..76ca5f6 100644 --- a/tests/filter/input_filter_get_max_name_length.phpt +++ b/tests/filter/input_filter_get_max_name_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.get.max_name_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_varname_length=0 | 11 | suhosin.request.max_varname_length=0 |
| 9 | suhosin.get.max_name_length=4 | 12 | suhosin.get.max_name_length=4 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6& | 17 | var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6& |
diff --git a/tests/filter/input_filter_get_max_totalname_length.phpt b/tests/filter/input_filter_get_max_totalname_length.phpt index 1353ee0..675708d 100644 --- a/tests/filter/input_filter_get_max_totalname_length.phpt +++ b/tests/filter/input_filter_get_max_totalname_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.get.max_totalname_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_totalname_length=0 | 11 | suhosin.request.max_totalname_length=0 |
| 9 | suhosin.get.max_totalname_length=7 | 12 | suhosin.get.max_totalname_length=7 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6& | 17 | var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6& |
diff --git a/tests/filter/input_filter_get_max_value_length.phpt b/tests/filter/input_filter_get_max_value_length.phpt index a5eaf5b..3fa0cb7 100644 --- a/tests/filter/input_filter_get_max_value_length.phpt +++ b/tests/filter/input_filter_get_max_value_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.get.max_value_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_value_length=0 | 11 | suhosin.request.max_value_length=0 |
| 9 | suhosin.get.max_value_length=3 | 12 | suhosin.get.max_value_length=3 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | var1=1&var2=22&var3=333&var4=4444&var5=55%00555&var6=666666& | 17 | var1=1&var2=22&var3=333&var4=4444&var5=55%00555&var6=666666& |
diff --git a/tests/filter/input_filter_post_disallow_nul.phpt b/tests/filter/input_filter_post_disallow_nul.phpt index 60c797e..99462b8 100644 --- a/tests/filter/input_filter_post_disallow_nul.phpt +++ b/tests/filter/input_filter_post_disallow_nul.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.disallow_nul) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.disallow_nul=0 | 11 | suhosin.request.disallow_nul=0 |
| 9 | suhosin.post.disallow_nul=1 | 12 | suhosin.post.disallow_nul=1 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST-- | 17 | --POST-- |
diff --git a/tests/filter/input_filter_post_disallow_nul_rfc1867.phpt b/tests/filter/input_filter_post_disallow_nul_rfc1867.phpt index ffd252e..21fba1f 100644 --- a/tests/filter/input_filter_post_disallow_nul_rfc1867.phpt +++ b/tests/filter/input_filter_post_disallow_nul_rfc1867.phpt | |||
| Binary files differ | |||
diff --git a/tests/filter/input_filter_post_max_array_depth.phpt b/tests/filter/input_filter_post_max_array_depth.phpt index 97cd501..5bf8858 100644 --- a/tests/filter/input_filter_post_max_array_depth.phpt +++ b/tests/filter/input_filter_post_max_array_depth.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_array_depth) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_depth=0 | 11 | suhosin.request.max_array_depth=0 |
| 9 | suhosin.post.max_array_depth=4 | 12 | suhosin.post.max_array_depth=4 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST-- | 17 | --POST-- |
diff --git a/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt b/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt index e8fd566..b2eab71 100644 --- a/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt +++ b/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_array_depth - RFC1867 version) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_depth=0 | 11 | suhosin.request.max_array_depth=0 |
| 9 | suhosin.post.max_array_depth=4 | 12 | suhosin.post.max_array_depth=4 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST_RAW-- | 17 | --POST_RAW-- |
diff --git a/tests/filter/input_filter_post_max_array_index_length.phpt b/tests/filter/input_filter_post_max_array_index_length.phpt index 2c5adef..285b30e 100644 --- a/tests/filter/input_filter_post_max_array_index_length.phpt +++ b/tests/filter/input_filter_post_max_array_index_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_array_index_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_index_length=0 | 11 | suhosin.request.max_array_index_length=0 |
| 9 | suhosin.post.max_array_index_length=3 | 12 | suhosin.post.max_array_index_length=3 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST-- | 17 | --POST-- |
diff --git a/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt b/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt index 58f0ed2..a3a19fa 100644 --- a/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt +++ b/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_array_index_length - RFC1867 version) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_index_length=0 | 11 | suhosin.request.max_array_index_length=0 |
| 9 | suhosin.post.max_array_index_length=3 | 12 | suhosin.post.max_array_index_length=3 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST-- | 17 | --POST-- |
diff --git a/tests/filter/input_filter_post_max_name_length.phpt b/tests/filter/input_filter_post_max_name_length.phpt index 0065993..cf7b35d 100644 --- a/tests/filter/input_filter_post_max_name_length.phpt +++ b/tests/filter/input_filter_post_max_name_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_name_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_varname_length=0 | 11 | suhosin.request.max_varname_length=0 |
| 9 | suhosin.post.max_name_length=4 | 12 | suhosin.post.max_name_length=4 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST-- | 17 | --POST-- |
diff --git a/tests/filter/input_filter_post_max_name_length_rfc1867.phpt b/tests/filter/input_filter_post_max_name_length_rfc1867.phpt index 45936d5..4ad072c 100644 --- a/tests/filter/input_filter_post_max_name_length_rfc1867.phpt +++ b/tests/filter/input_filter_post_max_name_length_rfc1867.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_name_length - RFC1867 version) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_varname_length=0 | 11 | suhosin.request.max_varname_length=0 |
| 9 | suhosin.post.max_name_length=4 | 12 | suhosin.post.max_name_length=4 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST_RAW-- | 17 | --POST_RAW-- |
diff --git a/tests/filter/input_filter_post_max_totalname_length.phpt b/tests/filter/input_filter_post_max_totalname_length.phpt index b922302..1fef2bb 100644 --- a/tests/filter/input_filter_post_max_totalname_length.phpt +++ b/tests/filter/input_filter_post_max_totalname_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_totalname_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_totalname_length=0 | 11 | suhosin.request.max_totalname_length=0 |
| 9 | suhosin.post.max_totalname_length=7 | 12 | suhosin.post.max_totalname_length=7 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST-- | 17 | --POST-- |
diff --git a/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt b/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt index bbbcca4..f8fa6db 100644 --- a/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt +++ b/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_totalname_length - RFC1867 version) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_totalname_length=0 | 11 | suhosin.request.max_totalname_length=0 |
| 9 | suhosin.post.max_totalname_length=7 | 12 | suhosin.post.max_totalname_length=7 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST_RAW-- | 17 | --POST_RAW-- |
diff --git a/tests/filter/input_filter_post_max_value_length.phpt b/tests/filter/input_filter_post_max_value_length.phpt index b560bde..7c5493f 100644 --- a/tests/filter/input_filter_post_max_value_length.phpt +++ b/tests/filter/input_filter_post_max_value_length.phpt | |||
| @@ -3,12 +3,15 @@ suhosin input filter (suhosin.post.max_value_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_value_length=0 | 11 | suhosin.request.max_value_length=0 |
| 9 | suhosin.post.max_value_length=3 | 12 | suhosin.post.max_value_length=3 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST-- | 17 | --POST-- |
diff --git a/tests/filter/input_filter_post_max_value_length_rfc1867.phpt b/tests/filter/input_filter_post_max_value_length_rfc1867.phpt index 7552255..a788dfd 100644 --- a/tests/filter/input_filter_post_max_value_length_rfc1867.phpt +++ b/tests/filter/input_filter_post_max_value_length_rfc1867.phpt | |||
| Binary files differ | |||
diff --git a/tests/filter/input_filter_request_disallow_nul.phpt b/tests/filter/input_filter_request_disallow_nul.phpt index 09903ec..0e9636f 100644 --- a/tests/filter/input_filter_request_disallow_nul.phpt +++ b/tests/filter/input_filter_request_disallow_nul.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.request.disallow_nul) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.disallow_nul=1 | 11 | suhosin.request.disallow_nul=1 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | var1=xx%001;var2=2;var3=xx%003;var4=4; | 15 | var1=xx%001;var2=2;var3=xx%003;var4=4; |
| 13 | --GET-- | 16 | --GET-- |
diff --git a/tests/filter/input_filter_request_max_array_depth.phpt b/tests/filter/input_filter_request_max_array_depth.phpt index ca67a39..0f10afe 100644 --- a/tests/filter/input_filter_request_max_array_depth.phpt +++ b/tests/filter/input_filter_request_max_array_depth.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.request.max_array_depth) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_depth=4 | 11 | suhosin.request.max_array_depth=4 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | var1[]=1;var2[][]=2;var3[][][]=3;var4[][][][]=4;var5[][][][][]=5;var6[][][][][][]=6; | 15 | var1[]=1;var2[][]=2;var3[][][]=3;var4[][][][]=4;var5[][][][][]=5;var6[][][][][][]=6; |
| 13 | --GET-- | 16 | --GET-- |
diff --git a/tests/filter/input_filter_request_max_array_index_length.phpt b/tests/filter/input_filter_request_max_array_index_length.phpt index bb4c2ef..84b3849 100644 --- a/tests/filter/input_filter_request_max_array_index_length.phpt +++ b/tests/filter/input_filter_request_max_array_index_length.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.request.max_array_index_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_array_index_length=3 | 11 | suhosin.request.max_array_index_length=3 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | var1[AAA]=1;var2[BBBB]=1;var3[AAA][BBB]=1;var4[AAA][BBBB]=4;var5[AAA][BBB][CCC]=1;var6[AAA][BBBB][CCC]=1; | 15 | var1[AAA]=1;var2[BBBB]=1;var3[AAA][BBB]=1;var4[AAA][BBBB]=4;var5[AAA][BBB][CCC]=1;var6[AAA][BBBB][CCC]=1; |
| 13 | --GET-- | 16 | --GET-- |
diff --git a/tests/filter/input_filter_request_max_name_length.phpt b/tests/filter/input_filter_request_max_name_length.phpt index 03b4a3b..e231447 100644 --- a/tests/filter/input_filter_request_max_name_length.phpt +++ b/tests/filter/input_filter_request_max_name_length.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.request.max_varname_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_varname_length=4 | 11 | suhosin.request.max_varname_length=4 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6; | 15 | var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6; |
| 13 | --GET-- | 16 | --GET-- |
diff --git a/tests/filter/input_filter_request_max_totalname_length.phpt b/tests/filter/input_filter_request_max_totalname_length.phpt index f028db1..e4ddd5b 100644 --- a/tests/filter/input_filter_request_max_totalname_length.phpt +++ b/tests/filter/input_filter_request_max_totalname_length.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.request.max_totalname_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_totalname_length=7 | 11 | suhosin.request.max_totalname_length=7 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6; | 15 | var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6; |
| 13 | --GET-- | 16 | --GET-- |
diff --git a/tests/filter/input_filter_request_max_value_length.phpt b/tests/filter/input_filter_request_max_value_length.phpt index 6906fb0..7617ff2 100644 --- a/tests/filter/input_filter_request_max_value_length.phpt +++ b/tests/filter/input_filter_request_max_value_length.phpt | |||
| @@ -3,11 +3,14 @@ suhosin input filter (suhosin.request.max_value_length) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.request.max_value_length=3 | 11 | suhosin.request.max_value_length=3 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | var1=1;var2=22;var3=333;var4=4444;var5=55%00555;var6=666666; | 15 | var1=1;var2=22;var3=333;var4=4444;var5=55%00555;var6=666666; |
| 13 | --GET-- | 16 | --GET-- |
diff --git a/tests/filter/post_fileupload_filter_1.phpt b/tests/filter/post_fileupload_filter_1.phpt index 453c38d..4cb67fd 100644 --- a/tests/filter/post_fileupload_filter_1.phpt +++ b/tests/filter/post_fileupload_filter_1.phpt | |||
| @@ -3,12 +3,15 @@ suhosin rfc1867 file upload filter (disallowed variable names) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | file_uploads=1 | 11 | file_uploads=1 |
| 9 | upload_max_filesize=1024 | 12 | upload_max_filesize=1024 |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST_RAW-- | 17 | --POST_RAW-- |
diff --git a/tests/filter/post_fileupload_filter_2.phpt b/tests/filter/post_fileupload_filter_2.phpt index 48c63dc..51064f2 100644 --- a/tests/filter/post_fileupload_filter_2.phpt +++ b/tests/filter/post_fileupload_filter_2.phpt | |||
| @@ -3,13 +3,16 @@ suhosin rfc1867 file upload filter (suhosin.post.max_vars) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.post.max_vars=5 | 11 | suhosin.post.max_vars=5 |
| 9 | file_uploads=1 | 12 | file_uploads=1 |
| 10 | upload_max_filesize=1024 | 13 | upload_max_filesize=1024 |
| 11 | --SKIPIF-- | 14 | --SKIPIF-- |
| 12 | <?php include('skipif.inc'); ?> | 15 | <?php include('../skipif.inc'); ?> |
| 13 | --COOKIE-- | 16 | --COOKIE-- |
| 14 | --GET-- | 17 | --GET-- |
| 15 | --POST_RAW-- | 18 | --POST_RAW-- |
diff --git a/tests/filter/post_filter_1.phpt b/tests/filter/post_filter_1.phpt index eee353d..61eee24 100644 --- a/tests/filter/post_filter_1.phpt +++ b/tests/filter/post_filter_1.phpt | |||
| @@ -3,10 +3,13 @@ suhosin POST filter (disallowed variable names) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | --SKIPIF-- | 11 | --SKIPIF-- |
| 9 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 10 | --COOKIE-- | 13 | --COOKIE-- |
| 11 | --GET-- | 14 | --GET-- |
| 12 | --POST-- | 15 | --POST-- |
diff --git a/tests/filter/post_filter_2.phpt b/tests/filter/post_filter_2.phpt index 22e773a..b64ffd0 100644 --- a/tests/filter/post_filter_2.phpt +++ b/tests/filter/post_filter_2.phpt | |||
| @@ -3,11 +3,14 @@ suhosin POST filter (suhosin.post.max_vars) | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.post.max_vars=5 | 11 | suhosin.post.max_vars=5 |
| 9 | --SKIPIF-- | 12 | --SKIPIF-- |
| 10 | <?php include('skipif.inc'); ?> | 13 | <?php include('../skipif.inc'); ?> |
| 11 | --COOKIE-- | 14 | --COOKIE-- |
| 12 | --GET-- | 15 | --GET-- |
| 13 | --POST-- | 16 | --POST-- |
diff --git a/tests/filter/post_filter_empty_var.phpt b/tests/filter/post_filter_empty_var.phpt index f1eef0c..87866e2 100644 --- a/tests/filter/post_filter_empty_var.phpt +++ b/tests/filter/post_filter_empty_var.phpt | |||
| @@ -6,7 +6,7 @@ suhosin.log.sapi=0 | |||
| 6 | suhosin.log.stdout=255 | 6 | suhosin.log.stdout=255 |
| 7 | suhosin.log.script=0 | 7 | suhosin.log.script=0 |
| 8 | --SKIPIF-- | 8 | --SKIPIF-- |
| 9 | <?php include('skipif.inc'); ?> | 9 | <?php include('../skipif.inc'); ?> |
| 10 | --COOKIE-- | 10 | --COOKIE-- |
| 11 | --GET-- | 11 | --GET-- |
| 12 | --POST-- | 12 | --POST-- |
diff --git a/tests/filter/server_encode_off.phpt b/tests/filter/server_encode_off.phpt index 8daccea..69793fd 100644 --- a/tests/filter/server_encode_off.phpt +++ b/tests/filter/server_encode_off.phpt | |||
| @@ -9,7 +9,7 @@ suhosin.log.stdout=255 | |||
| 9 | suhosin.log.script=0 | 9 | suhosin.log.script=0 |
| 10 | suhosin.server.encode=Off | 10 | suhosin.server.encode=Off |
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 13 | --ENV-- | 13 | --ENV-- |
| 14 | return <<<END | 14 | return <<<END |
| 15 | REQUEST_URI=AAA<>"'`!AAA | 15 | REQUEST_URI=AAA<>"'`!AAA |
diff --git a/tests/filter/server_encode_on.phpt b/tests/filter/server_encode_on.phpt index 4cd7a66..3b02ce4 100644 --- a/tests/filter/server_encode_on.phpt +++ b/tests/filter/server_encode_on.phpt | |||
| @@ -9,7 +9,7 @@ suhosin.log.stdout=255 | |||
| 9 | suhosin.log.script=0 | 9 | suhosin.log.script=0 |
| 10 | suhosin.server.encode=On | 10 | suhosin.server.encode=On |
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 13 | --ENV-- | 13 | --ENV-- |
| 14 | return <<<END | 14 | return <<<END |
| 15 | REQUEST_URI=AAA<>"'`!AAA | 15 | REQUEST_URI=AAA<>"'`!AAA |
diff --git a/tests/filter/server_filter.phpt b/tests/filter/server_filter.phpt index b1271bd..f2afdf7 100644 --- a/tests/filter/server_filter.phpt +++ b/tests/filter/server_filter.phpt | |||
| @@ -3,10 +3,13 @@ suhosin SERVER filter | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | --SKIPIF-- | 11 | --SKIPIF-- |
| 9 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 10 | --ENV-- | 13 | --ENV-- |
| 11 | return <<<END | 14 | return <<<END |
| 12 | HTTP_POST_VARS=HTTP_POST_VARS | 15 | HTTP_POST_VARS=HTTP_POST_VARS |
diff --git a/tests/filter/server_strip_off.phpt b/tests/filter/server_strip_off.phpt index 75c326e..57b2e97 100644 --- a/tests/filter/server_strip_off.phpt +++ b/tests/filter/server_strip_off.phpt | |||
| @@ -9,7 +9,7 @@ suhosin.log.stdout=255 | |||
| 9 | suhosin.log.script=0 | 9 | suhosin.log.script=0 |
| 10 | suhosin.server.strip=Off | 10 | suhosin.server.strip=Off |
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 13 | --ENV-- | 13 | --ENV-- |
| 14 | return <<<END | 14 | return <<<END |
| 15 | SCRIPT_NAME=X/index.php/THIS_IS_A_FAKE_NAME<>"'`!AAA | 15 | SCRIPT_NAME=X/index.php/THIS_IS_A_FAKE_NAME<>"'`!AAA |
diff --git a/tests/filter/server_strip_on.phpt b/tests/filter/server_strip_on.phpt index c595e95..9e9d991 100644 --- a/tests/filter/server_strip_on.phpt +++ b/tests/filter/server_strip_on.phpt | |||
| @@ -9,7 +9,7 @@ suhosin.log.stdout=255 | |||
| 9 | suhosin.log.script=0 | 9 | suhosin.log.script=0 |
| 10 | suhosin.server.strip=On | 10 | suhosin.server.strip=On |
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 13 | --ENV-- | 13 | --ENV-- |
| 14 | return <<<END | 14 | return <<<END |
| 15 | SCRIPT_NAME=X/index.php/THIS_IS_A_FAKE_NAME<>"'`!AAA | 15 | SCRIPT_NAME=X/index.php/THIS_IS_A_FAKE_NAME<>"'`!AAA |
diff --git a/tests/filter/server_user_agent_strip_off.phpt b/tests/filter/server_user_agent_strip_off.phpt index 36c6580..1f58007 100644 --- a/tests/filter/server_user_agent_strip_off.phpt +++ b/tests/filter/server_user_agent_strip_off.phpt | |||
| @@ -9,7 +9,7 @@ suhosin.log.stdout=255 | |||
| 9 | suhosin.log.script=0 | 9 | suhosin.log.script=0 |
| 10 | suhosin.server.strip=Off | 10 | suhosin.server.strip=Off |
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 13 | --ENV-- | 13 | --ENV-- |
| 14 | return <<<END | 14 | return <<<END |
| 15 | HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.0; rv:29.0) <script>alert('123');</script>Gecko/20100101 Firefox/29.0 | 15 | HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.0; rv:29.0) <script>alert('123');</script>Gecko/20100101 Firefox/29.0 |
diff --git a/tests/filter/server_user_agent_strip_on.phpt b/tests/filter/server_user_agent_strip_on.phpt index 73d577c..df1d040 100644 --- a/tests/filter/server_user_agent_strip_on.phpt +++ b/tests/filter/server_user_agent_strip_on.phpt | |||
| @@ -9,7 +9,7 @@ suhosin.log.stdout=255 | |||
| 9 | suhosin.log.script=0 | 9 | suhosin.log.script=0 |
| 10 | suhosin.server.strip=On | 10 | suhosin.server.strip=On |
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php include('skipif.inc'); ?> | 12 | <?php include('../skipif.inc'); ?> |
| 13 | --ENV-- | 13 | --ENV-- |
| 14 | return <<<END | 14 | return <<<END |
| 15 | HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.0; rv:29.0) <script>alert('123');</script>Gecko/20100101 Firefox/29.0 | 15 | HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.0; rv:29.0) <script>alert('123');</script>Gecko/20100101 Firefox/29.0 |
diff --git a/tests/filter/suhosin_upload_disallow_binary_off.phpt b/tests/filter/suhosin_upload_disallow_binary_off.phpt index cde9ea7..bcb76be 100644 --- a/tests/filter/suhosin_upload_disallow_binary_off.phpt +++ b/tests/filter/suhosin_upload_disallow_binary_off.phpt | |||
| Binary files differ | |||
diff --git a/tests/filter/suhosin_upload_disallow_binary_on.phpt b/tests/filter/suhosin_upload_disallow_binary_on.phpt index 1e3444e..bc2c7ea 100644 --- a/tests/filter/suhosin_upload_disallow_binary_on.phpt +++ b/tests/filter/suhosin_upload_disallow_binary_on.phpt | |||
| Binary files differ | |||
diff --git a/tests/filter/suhosin_upload_disallow_binary_utf8.phpt b/tests/filter/suhosin_upload_disallow_binary_utf8.phpt index 557a8d5..d14f041 100644 --- a/tests/filter/suhosin_upload_disallow_binary_utf8.phpt +++ b/tests/filter/suhosin_upload_disallow_binary_utf8.phpt | |||
| @@ -11,7 +11,9 @@ suhosin.upload.allow_utf8=On | |||
| 11 | max_file_uploads=40 | 11 | max_file_uploads=40 |
| 12 | suhosin.upload.max_uploads=40 | 12 | suhosin.upload.max_uploads=40 |
| 13 | --SKIPIF-- | 13 | --SKIPIF-- |
| 14 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); |
| 15 | if (ini_get('suhosin.upload.allow_utf8') === FALSE) { die("skip feature not compiled in"); } | ||
| 16 | ?> | ||
| 15 | --COOKIE-- | 17 | --COOKIE-- |
| 16 | --GET-- | 18 | --GET-- |
| 17 | --POST_RAW-- | 19 | --POST_RAW-- |
diff --git a/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt b/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt index 413d25a..95e4864 100644 --- a/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt +++ b/tests/filter/suhosin_upload_disallow_binary_utf8fail.phpt | |||
| @@ -3,15 +3,20 @@ Testing: suhosin.upload.disallow_binary=On with UTF-8 and allow_utf8=Off | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | file_uploads=1 | 11 | file_uploads=1 |
| 9 | suhosin.upload.disallow_binary=On | 12 | suhosin.upload.disallow_binary=On |
| 10 | suhosin.upload.allow_utf8=Off | 13 | suhosin.upload.allow_utf8=Off |
| 11 | max_file_uploads=40 | 14 | max_file_uploads=40 |
| 12 | suhosin.upload.max_uploads=40 | 15 | suhosin.upload.max_uploads=40 |
| 13 | --SKIPIF-- | 16 | --SKIPIF-- |
| 14 | <?php include('skipif.inc'); ?> | 17 | <?php include('../skipif.inc'); |
| 18 | if (ini_get('suhosin.upload.allow_utf8') === FALSE) { die("skip feature not compiled in"); } | ||
| 19 | ?> | ||
| 15 | --COOKIE-- | 20 | --COOKIE-- |
| 16 | --GET-- | 21 | --GET-- |
| 17 | --POST_RAW-- | 22 | --POST_RAW-- |
diff --git a/tests/filter/suhosin_upload_disallow_elf.phpt b/tests/filter/suhosin_upload_disallow_elf.phpt index 4ad2071..7b074f7 100644 --- a/tests/filter/suhosin_upload_disallow_elf.phpt +++ b/tests/filter/suhosin_upload_disallow_elf.phpt | |||
| @@ -3,12 +3,15 @@ Testing: suhosin.upload.disallow_elf=On | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | file_uploads=1 | 11 | file_uploads=1 |
| 9 | suhosin.upload.disallow_elf=On | 12 | suhosin.upload.disallow_elf=On |
| 10 | --SKIPIF-- | 13 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 14 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 15 | --COOKIE-- |
| 13 | --GET-- | 16 | --GET-- |
| 14 | --POST_RAW-- | 17 | --POST_RAW-- |
diff --git a/tests/filter/suhosin_upload_disallow_elf_off.phpt b/tests/filter/suhosin_upload_disallow_elf_off.phpt index 8be8301..832692c 100644 --- a/tests/filter/suhosin_upload_disallow_elf_off.phpt +++ b/tests/filter/suhosin_upload_disallow_elf_off.phpt | |||
| @@ -8,7 +8,7 @@ suhosin.log.script=0 | |||
| 8 | file_uploads=1 | 8 | file_uploads=1 |
| 9 | suhosin.upload.disallow_elf=Off | 9 | suhosin.upload.disallow_elf=Off |
| 10 | --SKIPIF-- | 10 | --SKIPIF-- |
| 11 | <?php include('skipif.inc'); ?> | 11 | <?php include('../skipif.inc'); ?> |
| 12 | --COOKIE-- | 12 | --COOKIE-- |
| 13 | --GET-- | 13 | --GET-- |
| 14 | --POST_RAW-- | 14 | --POST_RAW-- |
diff --git a/tests/filter/suhosin_upload_max_uploads.phpt b/tests/filter/suhosin_upload_max_uploads.phpt index 2e984bc..fb6f249 100644 --- a/tests/filter/suhosin_upload_max_uploads.phpt +++ b/tests/filter/suhosin_upload_max_uploads.phpt | |||
| @@ -3,13 +3,16 @@ suhosin.upload.max_uploads | |||
| 3 | --INI-- | 3 | --INI-- |
| 4 | suhosin.log.syslog=0 | 4 | suhosin.log.syslog=0 |
| 5 | suhosin.log.sapi=0 | 5 | suhosin.log.sapi=0 |
| 6 | suhosin.log.stdout=255 | ||
| 7 | suhosin.log.script=0 | 6 | suhosin.log.script=0 |
| 7 | suhosin.log.file=255 | ||
| 8 | suhosin.log.file.time=0 | ||
| 9 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 10 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 8 | suhosin.post.max_vars=5 | 11 | suhosin.post.max_vars=5 |
| 9 | file_uploads=1 | 12 | file_uploads=1 |
| 10 | suhosin.upload.max_uploads=3 | 13 | suhosin.upload.max_uploads=3 |
| 11 | --SKIPIF-- | 14 | --SKIPIF-- |
| 12 | <?php include('skipif.inc'); ?> | 15 | <?php include('../skipif.inc'); ?> |
| 13 | --COOKIE-- | 16 | --COOKIE-- |
| 14 | --GET-- | 17 | --GET-- |
| 15 | --POST_RAW-- | 18 | --POST_RAW-- |
diff --git a/tests/filter/suhosin_upload_remove_binary.phpt b/tests/filter/suhosin_upload_remove_binary.phpt index f4337d9..8d158c3 100644 --- a/tests/filter/suhosin_upload_remove_binary.phpt +++ b/tests/filter/suhosin_upload_remove_binary.phpt | |||
| Binary files differ | |||
diff --git a/tests/filter/suhosin_upload_remove_binary_utf8.phpt b/tests/filter/suhosin_upload_remove_binary_utf8.phpt index 6fbd240..564c095 100644 --- a/tests/filter/suhosin_upload_remove_binary_utf8.phpt +++ b/tests/filter/suhosin_upload_remove_binary_utf8.phpt | |||
| @@ -12,7 +12,9 @@ suhosin.upload.allow_utf8=On | |||
| 12 | max_file_uploads=40 | 12 | max_file_uploads=40 |
| 13 | suhosin.upload.max_uploads=40 | 13 | suhosin.upload.max_uploads=40 |
| 14 | --SKIPIF-- | 14 | --SKIPIF-- |
| 15 | <?php include('skipif.inc'); ?> | 15 | <?php include('../skipif.inc'); |
| 16 | if (ini_get('suhosin.upload.allow_utf8') === FALSE) { die("skip feature not compiled in"); } | ||
| 17 | ?> | ||
| 16 | --COOKIE-- | 18 | --COOKIE-- |
| 17 | --GET-- | 19 | --GET-- |
| 18 | --POST_RAW-- | 20 | --POST_RAW-- |
diff --git a/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt b/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt index 5c31115..4787a3a 100644 --- a/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt +++ b/tests/filter/suhosin_upload_remove_binary_utf8fail.phpt | |||
| @@ -12,7 +12,9 @@ suhosin.upload.allow_utf8=Off | |||
| 12 | max_file_uploads=40 | 12 | max_file_uploads=40 |
| 13 | suhosin.upload.max_uploads=40 | 13 | suhosin.upload.max_uploads=40 |
| 14 | --SKIPIF-- | 14 | --SKIPIF-- |
| 15 | <?php include('skipif.inc'); ?> | 15 | <?php include('../skipif.inc'); |
| 16 | if (ini_get('suhosin.upload.allow_utf8') === FALSE) { die("skip feature not compiled in"); } | ||
| 17 | ?> | ||
| 16 | --COOKIE-- | 18 | --COOKIE-- |
| 17 | --GET-- | 19 | --GET-- |
| 18 | --POST_RAW-- | 20 | --POST_RAW-- |
diff --git a/tests/include/include_uploaded_file_diff_filename.phpt b/tests/include/include_uploaded_file_diff_filename.phpt index 8d3bca5..2c28340 100644 --- a/tests/include/include_uploaded_file_diff_filename.phpt +++ b/tests/include/include_uploaded_file_diff_filename.phpt | |||
| @@ -5,9 +5,8 @@ Testing include file from $_FILES (but change name a bit) | |||
| 5 | --INI-- | 5 | --INI-- |
| 6 | suhosin.log.syslog=0 | 6 | suhosin.log.syslog=0 |
| 7 | suhosin.log.sapi=0 | 7 | suhosin.log.sapi=0 |
| 8 | suhosin.log.stdout=255 | ||
| 9 | suhosin.log.script=0 | 8 | suhosin.log.script=0 |
| 10 | suhosin.log.phpscript=0 | 9 | suhosin.log.stdout=255 |
| 11 | suhosin.executor.include.whitelist= | 10 | suhosin.executor.include.whitelist= |
| 12 | suhosin.executor.include.blacklist= | 11 | suhosin.executor.include.blacklist= |
| 13 | --POST_RAW-- | 12 | --POST_RAW-- |
diff --git a/tests/include/include_uploaded_file_from_FILES.phpt b/tests/include/include_uploaded_file_from_FILES.phpt index 1ec20f3..2c782b4 100644 --- a/tests/include/include_uploaded_file_from_FILES.phpt +++ b/tests/include/include_uploaded_file_from_FILES.phpt | |||
| @@ -5,9 +5,8 @@ Testing include file from $_FILES | |||
| 5 | --INI-- | 5 | --INI-- |
| 6 | suhosin.log.syslog=0 | 6 | suhosin.log.syslog=0 |
| 7 | suhosin.log.sapi=0 | 7 | suhosin.log.sapi=0 |
| 8 | suhosin.log.stdout=255 | ||
| 9 | suhosin.log.script=0 | 8 | suhosin.log.script=0 |
| 10 | suhosin.log.phpscript=0 | 9 | suhosin.log.stdout=255 |
| 11 | suhosin.executor.include.whitelist= | 10 | suhosin.executor.include.whitelist= |
| 12 | suhosin.executor.include.blacklist= | 11 | suhosin.executor.include.blacklist= |
| 13 | --POST_RAW-- | 12 | --POST_RAW-- |
diff --git a/tests/logging/use_x_forwarded_for_off.phpt b/tests/logging/use_x_forwarded_for_off.phpt index 6b31d53..2820523 100644 --- a/tests/logging/use_x_forwarded_for_off.phpt +++ b/tests/logging/use_x_forwarded_for_off.phpt | |||
| @@ -3,12 +3,16 @@ Testing: suhosin.log.use-x-forwarded-for=Off | |||
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php include "../skipifnotcli.inc"; ?> | 4 | <?php include "../skipifnotcli.inc"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | suhosin.log.syslog=0 | ||
| 6 | suhosin.log.sapi=0 | 7 | suhosin.log.sapi=0 |
| 7 | suhosin.log.stdout=255 | ||
| 8 | suhosin.log.script=0 | 8 | suhosin.log.script=0 |
| 9 | suhosin.log.syslog=0 | 9 | suhosin.log.file=255 |
| 10 | suhosin.log.file.time=0 | ||
| 11 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 12 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 10 | suhosin.executor.func.blacklist=max | 13 | suhosin.executor.func.blacklist=max |
| 11 | suhosin.log.use-x-forwarded-for=Off | 14 | suhosin.log.use-x-forwarded-for=Off |
| 15 | suhosin.simulation=1 | ||
| 12 | --ENV-- | 16 | --ENV-- |
| 13 | return <<<END | 17 | return <<<END |
| 14 | REMOTE_ADDR=101.102.103.104 | 18 | REMOTE_ADDR=101.102.103.104 |
| @@ -19,5 +23,5 @@ END; | |||
| 19 | max(1,2); | 23 | max(1,2); |
| 20 | ?> | 24 | ?> |
| 21 | --EXPECTF-- | 25 | --EXPECTF-- |
| 22 | Warning: max() has been disabled for security reasons in %s on line 2 | 26 | Warning: SIMULATION - max() has been disabled for security reasons in %s on line 2 |
| 23 | ALERT - function within blacklist called: max() (attacker '101.102.103.104', file '%s', line 2) \ No newline at end of file | 27 | ALERT-SIMULATION - function within blacklist called: max() (attacker '101.102.103.104', file '%s', line 2) \ No newline at end of file |
diff --git a/tests/logging/use_x_forwarded_for_off_no_remote_addr.phpt b/tests/logging/use_x_forwarded_for_off_no_remote_addr.phpt index bd4c72b..1a30e81 100644 --- a/tests/logging/use_x_forwarded_for_off_no_remote_addr.phpt +++ b/tests/logging/use_x_forwarded_for_off_no_remote_addr.phpt | |||
| @@ -3,16 +3,20 @@ Testing: suhosin.log.use-x-forwarded-for=Off (without REMOTE_ADDR set) | |||
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php include "../skipifnotcli.inc"; ?> | 4 | <?php include "../skipifnotcli.inc"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | suhosin.log.syslog=0 | ||
| 6 | suhosin.log.sapi=0 | 7 | suhosin.log.sapi=0 |
| 7 | suhosin.log.stdout=255 | ||
| 8 | suhosin.log.script=0 | 8 | suhosin.log.script=0 |
| 9 | suhosin.log.syslog=0 | 9 | suhosin.log.file=255 |
| 10 | suhosin.log.file.time=0 | ||
| 11 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 12 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 10 | suhosin.executor.func.blacklist=max | 13 | suhosin.executor.func.blacklist=max |
| 11 | suhosin.log.use-x-forwarded-for=Off | 14 | suhosin.log.use-x-forwarded-for=Off |
| 15 | suhosin.simulation=1 | ||
| 12 | --FILE-- | 16 | --FILE-- |
| 13 | <?php | 17 | <?php |
| 14 | max(1,2); | 18 | max(1,2); |
| 15 | ?> | 19 | ?> |
| 16 | --EXPECTF-- | 20 | --EXPECTF-- |
| 17 | Warning: max() has been disabled for security reasons in %s on line 2 | 21 | Warning: SIMULATION - max() has been disabled for security reasons in %s on line 2 |
| 18 | ALERT - function within blacklist called: max() (attacker 'REMOTE_ADDR not set', file '%s', line 2) \ No newline at end of file | 22 | ALERT-SIMULATION - function within blacklist called: max() (attacker 'REMOTE_ADDR not set', file '%s', line 2) \ No newline at end of file |
diff --git a/tests/logging/use_x_forwarded_for_on.phpt b/tests/logging/use_x_forwarded_for_on.phpt index 5f37ca9..e476ba7 100644 --- a/tests/logging/use_x_forwarded_for_on.phpt +++ b/tests/logging/use_x_forwarded_for_on.phpt | |||
| @@ -3,12 +3,16 @@ Testing: suhosin.log.use-x-forwarded-for=On | |||
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php include "../skipifnotcli.inc"; ?> | 4 | <?php include "../skipifnotcli.inc"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | suhosin.log.syslog=0 | ||
| 6 | suhosin.log.sapi=0 | 7 | suhosin.log.sapi=0 |
| 7 | suhosin.log.stdout=255 | ||
| 8 | suhosin.log.script=0 | 8 | suhosin.log.script=0 |
| 9 | suhosin.log.syslog=0 | 9 | suhosin.log.file=255 |
| 10 | suhosin.log.file.time=0 | ||
| 11 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 12 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 10 | suhosin.executor.func.blacklist=max | 13 | suhosin.executor.func.blacklist=max |
| 11 | suhosin.log.use-x-forwarded-for=On | 14 | suhosin.log.use-x-forwarded-for=On |
| 15 | suhosin.simulation=1 | ||
| 12 | --ENV-- | 16 | --ENV-- |
| 13 | return <<<END | 17 | return <<<END |
| 14 | REMOTE_ADDR=101.102.103.104 | 18 | REMOTE_ADDR=101.102.103.104 |
| @@ -19,5 +23,5 @@ END; | |||
| 19 | max(1,2); | 23 | max(1,2); |
| 20 | ?> | 24 | ?> |
| 21 | --EXPECTF-- | 25 | --EXPECTF-- |
| 22 | Warning: max() has been disabled for security reasons in %s on line 2 | 26 | Warning: SIMULATION - max() has been disabled for security reasons in %s on line 2 |
| 23 | ALERT - function within blacklist called: max() (attacker '1.2.3.4', file '%s', line 2) \ No newline at end of file | 27 | ALERT-SIMULATION - function within blacklist called: max() (attacker '1.2.3.4', file '%s', line 2) \ No newline at end of file |
diff --git a/tests/logging/use_x_forwarded_for_on_no_x_forwarded.phpt b/tests/logging/use_x_forwarded_for_on_no_x_forwarded.phpt index aea6e06..b3e26de 100644 --- a/tests/logging/use_x_forwarded_for_on_no_x_forwarded.phpt +++ b/tests/logging/use_x_forwarded_for_on_no_x_forwarded.phpt | |||
| @@ -3,16 +3,20 @@ Testing: suhosin.log.use-x-forwarded-for=On (without X-Forwarded-For set) | |||
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php include "../skipifnotcli.inc"; ?> | 4 | <?php include "../skipifnotcli.inc"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | suhosin.log.syslog=0 | ||
| 6 | suhosin.log.sapi=0 | 7 | suhosin.log.sapi=0 |
| 7 | suhosin.log.stdout=255 | ||
| 8 | suhosin.log.script=0 | 8 | suhosin.log.script=0 |
| 9 | suhosin.log.syslog=0 | 9 | suhosin.log.file=255 |
| 10 | suhosin.log.file.time=0 | ||
| 11 | suhosin.log.file.name={PWD}/suhosintest.$$.log.tmp | ||
| 12 | auto_append_file={PWD}/suhosintest.$$.log.tmp | ||
| 10 | suhosin.executor.func.blacklist=max | 13 | suhosin.executor.func.blacklist=max |
| 11 | suhosin.log.use-x-forwarded-for=On | 14 | suhosin.log.use-x-forwarded-for=On |
| 15 | suhosin.simulation=1 | ||
| 12 | --FILE-- | 16 | --FILE-- |
| 13 | <?php | 17 | <?php |
| 14 | max(1,2); | 18 | max(1,2); |
| 15 | ?> | 19 | ?> |
| 16 | --EXPECTF-- | 20 | --EXPECTF-- |
| 17 | Warning: max() has been disabled for security reasons in %s on line 2 | 21 | Warning: SIMULATION - max() has been disabled for security reasons in %s on line 2 |
| 18 | ALERT - function within blacklist called: max() (attacker 'X-FORWARDED-FOR not set', file '%s', line 2) \ No newline at end of file | 22 | ALERT-SIMULATION - function within blacklist called: max() (attacker 'X-FORWARDED-FOR not set', file '%s', line 2) \ No newline at end of file |
diff --git a/tests/sql/mysqli_comment_conditional.phpt b/tests/sql/mysqli_comment_conditional.phpt index 0436c64..02366c0 100644 --- a/tests/sql/mysqli_comment_conditional.phpt +++ b/tests/sql/mysqli_comment_conditional.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_comment_cstyle_fail.phpt b/tests/sql/mysqli_comment_cstyle_fail.phpt index 56a8ccb..5a4c5e7 100644 --- a/tests/sql/mysqli_comment_cstyle_fail.phpt +++ b/tests/sql/mysqli_comment_cstyle_fail.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_comment_hashstyle_fail.phpt b/tests/sql/mysqli_comment_hashstyle_fail.phpt index 6f5b517..c67cf44 100644 --- a/tests/sql/mysqli_comment_hashstyle_fail.phpt +++ b/tests/sql/mysqli_comment_hashstyle_fail.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_comment_sqlstyle.phpt b/tests/sql/mysqli_comment_sqlstyle.phpt index c32c76a..d0e454e 100644 --- a/tests/sql/mysqli_comment_sqlstyle.phpt +++ b/tests/sql/mysqli_comment_sqlstyle.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_comment_sqlstyle_fail.phpt b/tests/sql/mysqli_comment_sqlstyle_fail.phpt index 83e63c5..9894d96 100644 --- a/tests/sql/mysqli_comment_sqlstyle_fail.phpt +++ b/tests/sql/mysqli_comment_sqlstyle_fail.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_connect_invalid_username.phpt b/tests/sql/mysqli_connect_invalid_username.phpt index 532254f..c83bf1e 100644 --- a/tests/sql/mysqli_connect_invalid_username.phpt +++ b/tests/sql/mysqli_connect_invalid_username.phpt | |||
| @@ -6,7 +6,7 @@ suhosin.log.stdout=32 | |||
| 6 | --SKIPIF-- | 6 | --SKIPIF-- |
| 7 | <?php | 7 | <?php |
| 8 | include('skipifmysqli.inc'); | 8 | include('skipifmysqli.inc'); |
| 9 | include('skipif.inc'); | 9 | include('../skipif.inc'); |
| 10 | ?> | 10 | ?> |
| 11 | --FILE-- | 11 | --FILE-- |
| 12 | <?php | 12 | <?php |
diff --git a/tests/sql/mysqli_multiselect.phpt b/tests/sql/mysqli_multiselect.phpt index 63d6c19..2595441 100644 --- a/tests/sql/mysqli_multiselect.phpt +++ b/tests/sql/mysqli_multiselect.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_multiselect_fail.phpt b/tests/sql/mysqli_multiselect_fail.phpt index 2bee62a..9f4216f 100644 --- a/tests/sql/mysqli_multiselect_fail.phpt +++ b/tests/sql/mysqli_multiselect_fail.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_multiselect_subselect.phpt b/tests/sql/mysqli_multiselect_subselect.phpt index e629720..6308cfa 100644 --- a/tests/sql/mysqli_multiselect_subselect.phpt +++ b/tests/sql/mysqli_multiselect_subselect.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_no_constraints.phpt b/tests/sql/mysqli_no_constraints.phpt index 1d7fff6..1ba2875 100644 --- a/tests/sql/mysqli_no_constraints.phpt +++ b/tests/sql/mysqli_no_constraints.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.sql.union=0 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_open_comment.phpt b/tests/sql/mysqli_open_comment.phpt index 29d3536..e65ebd5 100644 --- a/tests/sql/mysqli_open_comment.phpt +++ b/tests/sql/mysqli_open_comment.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_open_comment_fail.phpt b/tests/sql/mysqli_open_comment_fail.phpt index 4645523..a898153 100644 --- a/tests/sql/mysqli_open_comment_fail.phpt +++ b/tests/sql/mysqli_open_comment_fail.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_union.phpt b/tests/sql/mysqli_union.phpt index 9af9c61..77eb8e4 100644 --- a/tests/sql/mysqli_union.phpt +++ b/tests/sql/mysqli_union.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_union_fail.phpt b/tests/sql/mysqli_union_fail.phpt index ee51a79..ddcfd0e 100644 --- a/tests/sql/mysqli_union_fail.phpt +++ b/tests/sql/mysqli_union_fail.phpt | |||
| @@ -11,7 +11,7 @@ suhosin.log.stdout=32 | |||
| 11 | --SKIPIF-- | 11 | --SKIPIF-- |
| 12 | <?php | 12 | <?php |
| 13 | include('skipifmysqli.inc'); | 13 | include('skipifmysqli.inc'); |
| 14 | include('skipif.inc'); | 14 | include('../skipif.inc'); |
| 15 | ?> | 15 | ?> |
| 16 | --FILE-- | 16 | --FILE-- |
| 17 | <?php | 17 | <?php |
diff --git a/tests/sql/mysqli_user_match_error.phpt b/tests/sql/mysqli_user_match_error.phpt index 69db081..a8d1068 100644 --- a/tests/sql/mysqli_user_match_error.phpt +++ b/tests/sql/mysqli_user_match_error.phpt | |||
| @@ -7,7 +7,7 @@ suhosin.log.stdout=32 | |||
| 7 | --SKIPIF-- | 7 | --SKIPIF-- |
| 8 | <?php | 8 | <?php |
| 9 | include('skipifmysqli.inc'); | 9 | include('skipifmysqli.inc'); |
| 10 | include('skipif.inc'); | 10 | include('../skipif.inc'); |
| 11 | ?> | 11 | ?> |
| 12 | --FILE-- | 12 | --FILE-- |
| 13 | <?php | 13 | <?php |
diff --git a/tests/sql/mysqli_user_match_ok.phpt b/tests/sql/mysqli_user_match_ok.phpt index a2ad832..a1365ed 100644 --- a/tests/sql/mysqli_user_match_ok.phpt +++ b/tests/sql/mysqli_user_match_ok.phpt | |||
| @@ -7,7 +7,7 @@ suhosin.log.stdout=32 | |||
| 7 | --SKIPIF-- | 7 | --SKIPIF-- |
| 8 | <?php | 8 | <?php |
| 9 | include('skipifmysqli.inc'); | 9 | include('skipifmysqli.inc'); |
| 10 | include('skipif.inc'); | 10 | include('../skipif.inc'); |
| 11 | ?> | 11 | ?> |
| 12 | --FILE-- | 12 | --FILE-- |
| 13 | <?php | 13 | <?php |
diff --git a/tests/sql/mysqli_user_postfix.phpt b/tests/sql/mysqli_user_postfix.phpt index 11e3fe6..90be13f 100644 --- a/tests/sql/mysqli_user_postfix.phpt +++ b/tests/sql/mysqli_user_postfix.phpt | |||
| @@ -7,7 +7,7 @@ suhosin.log.stdout=32 | |||
| 7 | --SKIPIF-- | 7 | --SKIPIF-- |
| 8 | <?php | 8 | <?php |
| 9 | include('skipifmysqli.inc'); | 9 | include('skipifmysqli.inc'); |
| 10 | include('skipif.inc'); | 10 | include('../skipif.inc'); |
| 11 | ?> | 11 | ?> |
| 12 | --FILE-- | 12 | --FILE-- |
| 13 | <?php | 13 | <?php |
diff --git a/tests/sql/mysqli_user_prefix.phpt b/tests/sql/mysqli_user_prefix.phpt index bb229f0..5ec793f 100644 --- a/tests/sql/mysqli_user_prefix.phpt +++ b/tests/sql/mysqli_user_prefix.phpt | |||
| @@ -7,7 +7,7 @@ suhosin.log.stdout=32 | |||
| 7 | --SKIPIF-- | 7 | --SKIPIF-- |
| 8 | <?php | 8 | <?php |
| 9 | include('skipifmysqli.inc'); | 9 | include('skipifmysqli.inc'); |
| 10 | include('skipif.inc'); | 10 | include('../skipif.inc'); |
| 11 | ?> | 11 | ?> |
| 12 | --FILE-- | 12 | --FILE-- |
| 13 | <?php | 13 | <?php |
diff --git a/tests/sql/skipifmysqli.inc b/tests/sql/skipifmysqli.inc index ee16cf1..99c235d 100644 --- a/tests/sql/skipifmysqli.inc +++ b/tests/sql/skipifmysqli.inc | |||
| @@ -2,4 +2,7 @@ | |||
| 2 | if (!extension_loaded("mysqli")) { | 2 | if (!extension_loaded("mysqli")) { |
| 3 | die('skip - mysqli extension not available'); | 3 | die('skip - mysqli extension not available'); |
| 4 | } | 4 | } |
| 5 | if (!getenv("TEST_SUHOSIN_MYSQL")) { | ||
| 6 | die("skip TEST_SUHOSIN_MYSQL is not set"); | ||
| 7 | } | ||
| 5 | ?> \ No newline at end of file | 8 | ?> \ No newline at end of file |
| @@ -167,19 +167,23 @@ return_failure: | |||
| 167 | } | 167 | } |
| 168 | /* }}} */ | 168 | /* }}} */ |
| 169 | 169 | ||
| 170 | static inline int suhosin_validate_utf8_multibyte(const char* cp) | 170 | #ifdef SUHOSIN_EXPERIMENTAL |
| 171 | static inline int suhosin_validate_utf8_multibyte(const char* cp, size_t maxlen) | ||
| 171 | { | 172 | { |
| 173 | if (maxlen < 2 || !(*cp & 0x80)) { return 0; } | ||
| 172 | if ((*cp & 0xe0) == 0xc0 && // 1st byte is 110xxxxx | 174 | if ((*cp & 0xe0) == 0xc0 && // 1st byte is 110xxxxx |
| 173 | (*(cp+1) & 0xc0) == 0x80 && // 2nd byte is 10xxxxxx | 175 | (*(cp+1) & 0xc0) == 0x80 && // 2nd byte is 10xxxxxx |
| 174 | (*cp & 0x1e)) { // overlong check 110[xxxx]x 10xxxxxx | 176 | (*cp & 0x1e)) { // overlong check 110[xxxx]x 10xxxxxx |
| 175 | return 2; | 177 | return 2; |
| 176 | } | 178 | } |
| 179 | if (maxlen < 3) { return 0; } | ||
| 177 | if ((*cp & 0xf0) == 0xe0 && // 1st byte is 1110xxxx | 180 | if ((*cp & 0xf0) == 0xe0 && // 1st byte is 1110xxxx |
| 178 | (*(cp+1) & 0xc0) == 0x80 && // 2nd byte is 10xxxxxx | 181 | (*(cp+1) & 0xc0) == 0x80 && // 2nd byte is 10xxxxxx |
| 179 | (*(cp+2) & 0xc0) == 0x80 && // 3rd byte is 10xxxxxx | 182 | (*(cp+2) & 0xc0) == 0x80 && // 3rd byte is 10xxxxxx |
| 180 | ((*cp & 0x0f) | (*(cp+1) & 0x20))) { // 1110[xxxx] 10[x]xxxxx 10xxxxxx | 183 | ((*cp & 0x0f) | (*(cp+1) & 0x20))) { // 1110[xxxx] 10[x]xxxxx 10xxxxxx |
| 181 | return 3; | 184 | return 3; |
| 182 | } | 185 | } |
| 186 | if (maxlen < 4) { return 0; } | ||
| 183 | if ((*cp & 0xf8) == 0xf0 && // 1st byte is 11110xxx | 187 | if ((*cp & 0xf8) == 0xf0 && // 1st byte is 11110xxx |
| 184 | (*(cp+1) & 0xc0) == 0x80 && // 2nd byte is 10xxxxxx | 188 | (*(cp+1) & 0xc0) == 0x80 && // 2nd byte is 10xxxxxx |
| 185 | (*(cp+2) & 0xc0) == 0x80 && // 3rd byte is 10xxxxxx | 189 | (*(cp+2) & 0xc0) == 0x80 && // 3rd byte is 10xxxxxx |
| @@ -189,6 +193,7 @@ static inline int suhosin_validate_utf8_multibyte(const char* cp) | |||
| 189 | } | 193 | } |
| 190 | return 0; | 194 | return 0; |
| 191 | } | 195 | } |
| 196 | #endif | ||
| 192 | 197 | ||
| 193 | int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TSRMLS_DC) | 198 | int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TSRMLS_DC) |
| 194 | { | 199 | { |
| @@ -254,14 +259,15 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS | |||
| 254 | if (*cp >= 32 || isspace(*cp)) { | 259 | if (*cp >= 32 || isspace(*cp)) { |
| 255 | continue; | 260 | continue; |
| 256 | } | 261 | } |
| 262 | #ifdef SUHOSIN_EXPERIMENTAL | ||
| 257 | if ((*cp & 0x80) && SUHOSIN_G(upload_allow_utf8)) { | 263 | if ((*cp & 0x80) && SUHOSIN_G(upload_allow_utf8)) { |
| 258 | SDEBUG("checking char %x", *cp); | 264 | SDEBUG("checking char %x", *cp); |
| 259 | if ((n = suhosin_validate_utf8_multibyte(cp))) { // valid UTF8 multibyte character | 265 | if ((n = suhosin_validate_utf8_multibyte(cp, cpend-cp))) { // valid UTF8 multibyte character |
| 260 | cp += n - 1; | 266 | cp += n - 1; |
| 261 | continue; | 267 | continue; |
| 262 | } | 268 | } |
| 263 | } | 269 | } |
| 264 | 270 | #endif | |
| 265 | suhosin_log(S_FILES, "uploaded file contains binary data - file dropped"); | 271 | suhosin_log(S_FILES, "uploaded file contains binary data - file dropped"); |
| 266 | if (!SUHOSIN_G(simulation)) { | 272 | if (!SUHOSIN_G(simulation)) { |
| 267 | goto continue_with_failure; | 273 | goto continue_with_failure; |
| @@ -279,15 +285,17 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS | |||
| 279 | for (i=0, j=0; i<mefd->length; i++) { | 285 | for (i=0, j=0; i<mefd->length; i++) { |
| 280 | if (mefd->data[i] >= 32 || isspace(mefd->data[i])) { | 286 | if (mefd->data[i] >= 32 || isspace(mefd->data[i])) { |
| 281 | mefd->data[j++] = mefd->data[i]; | 287 | mefd->data[j++] = mefd->data[i]; |
| 282 | } else if (SUHOSIN_G(upload_allow_utf8) && mefd->data[i] & 0x80) { | 288 | } |
| 283 | n = suhosin_validate_utf8_multibyte(mefd->data + i); | 289 | #ifdef SUHOSIN_EXPERIMENTAL |
| 290 | else if (SUHOSIN_G(upload_allow_utf8) && mefd->data[i] & 0x80) { | ||
| 291 | n = suhosin_validate_utf8_multibyte(mefd->data + i, mefd->length - i); | ||
| 284 | if (!n) { continue; } | 292 | if (!n) { continue; } |
| 285 | while (n) { | 293 | while (n--) { |
| 286 | mefd->data[j++] = mefd->data[i++]; | 294 | mefd->data[j++] = mefd->data[i++]; |
| 287 | n--; | ||
| 288 | } | 295 | } |
| 289 | i--; | 296 | i--; |
| 290 | } | 297 | } |
| 298 | #endif | ||
| 291 | } | 299 | } |
| 292 | mefd->data[j] = '\0'; | 300 | mefd->data[j] = '\0'; |
| 293 | 301 | ||
