1 files changed, 32 insertions, 0 deletions
diff --git a/tests/executor/preg_replace_error.phpt b/tests/executor/preg_replace_error.phpt
new file mode 100644
index 0000000..39e0aee
--- /dev/null
+++ b/tests/executor/preg_replace_error.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Testing protection against "\0" in preg_replace() first parameter (INCL. SUHOSIN ERROR MESSAGES)
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+--FILE--
+<?php
+    
+    $text1 = "One little boy with two dogs, three cats and four birds";
+    $text2 = "The three cats eat the four birds";
+    $regex_array = array("/one/", "/two/", "/three/");
+    $regex_array0 = array("/one/\0", "/two/", "/three/");
+    $replace_array = array("1", "2", "3");
+    $regex = "/eat/";
+    $regex0 = "/ea\0t/";
+    $replace = "play with";
+    
+    var_dump(preg_replace($regex_array, $replace_array, $text1));
+    var_dump(preg_replace($regex_array0, $replace_array, $text1));
+    var_dump(preg_replace($regex, $replace, $text2));
+    var_dump(preg_replace($regex0, $replace, $text2));
+    
+?>
+--EXPECTF--
+string(49) "One little boy with 2 dogs, 3 cats and four birds"
+ALERT - string termination attack on first preg_replace parameter detected (attacker 'REMOTE_ADDR not set', file '%s', line 14)
+bool(false)
+string(39) "The three cats play with the four birds"
+ALERT - string termination attack on first preg_replace parameter detected (attacker 'REMOTE_ADDR not set', file '%s', line 16)
+bool(false)

diff --git a/tests/executor/preg_replace_error.phpt b/tests/executor/preg_replace_error.phpt new file mode 100644 index 0000000..39e0aee --- /dev/null +++ b/tests/executor/preg_replace_error.phpt
@@ -0,0 +1,32 @@
	1	--TEST--
	2	Testing protection against "\0" in preg_replace() first parameter (INCL. SUHOSIN ERROR MESSAGES)
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	--FILE--
	8	<?php
	9
	10	$text1 = "One little boy with two dogs, three cats and four birds";
	11	$text2 = "The three cats eat the four birds";
	12
	13	$regex_array = array("/one/", "/two/", "/three/");
	14	$regex_array0 = array("/one/\0", "/two/", "/three/");
	15	$replace_array = array("1", "2", "3");
	16	$regex = "/eat/";
	17	$regex0 = "/ea\0t/";
	18	$replace = "play with";
	19
	20	var_dump(preg_replace($regex_array, $replace_array, $text1));
	21	var_dump(preg_replace($regex_array0, $replace_array, $text1));
	22	var_dump(preg_replace($regex, $replace, $text2));
	23	var_dump(preg_replace($regex0, $replace, $text2));
	24
	25	?>
	26	--EXPECTF--
	27	string(49) "One little boy with 2 dogs, 3 cats and four birds"
	28	ALERT - string termination attack on first preg_replace parameter detected (attacker 'REMOTE_ADDR not set', file '%s', line 14)
	29	bool(false)
	30	string(39) "The three cats play with the four birds"
	31	ALERT - string termination attack on first preg_replace parameter detected (attacker 'REMOTE_ADDR not set', file '%s', line 16)
	32	bool(false)