1 files changed, 27 insertions, 0 deletions
diff --git a/tests/filter/get_filter_post_disallow_ws.phpt b/tests/filter/get_filter_post_disallow_ws.phpt
new file mode 100644
index 0000000..55c7cf1
--- /dev/null
+++ b/tests/filter/get_filter_post_disallow_ws.phpt
@@ -0,0 +1,27 @@
+--TEST--
+suhosin input filter (suhosin.post.disallow_ws)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.post.disallow_ws=1
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST--
+var1=1&var2=2&%20var3=3& var4=4&
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(1) {
+  ["var2"]=>
+  string(1) "2"
+}
+ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var1' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var3' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var4' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file

diff --git a/tests/filter/get_filter_post_disallow_ws.phpt b/tests/filter/get_filter_post_disallow_ws.phpt new file mode 100644 index 0000000..55c7cf1 --- /dev/null +++ b/tests/filter/get_filter_post_disallow_ws.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.disallow_ws)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.post.disallow_ws=1
	9	--SKIPIF--
	10	<?php include('skipif.inc'); ?>
	11	--COOKIE--
	12	--GET--
	13	--POST--
	14	+var1=1&var2=2&%20var3=3& var4=4&
	15	--FILE--
	16	<?php
	17	var_dump($_POST);
	18	?>
	19	--EXPECTF--
	20	array(1) {
	21	["var2"]=>
	22	string(1) "2"
	23	}
	24	ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var1' (attacker 'REMOTE_ADDR not set', file '%s')
	25	ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var3' (attacker 'REMOTE_ADDR not set', file '%s')
	26	ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var4' (attacker 'REMOTE_ADDR not set', file '%s')
	27	ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file