1 files changed, 24 insertions, 0 deletions
diff --git a/tests/include/include_blacklist.phpt b/tests/include/include_blacklist.phpt
new file mode 100644
index 0000000..f4c3df0
--- /dev/null
+++ b/tests/include/include_blacklist.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Include blacklist
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=255
+suhosin.log.script=0
+suhosin.log.phpscript=0
+suhosin.executor.include.whitelist=
+suhosin.executor.include.blacklist=foo,boo
+--FILE--
+<?php
+        $var = "file://" . dirname(__FILE__) . "/../empty.inc";
+        include $var;
+        echo $value,"\n";
+    $var = "foo://test";
+    include $var;
+        $var = "boo://test"; // this point is never reached (famous last words)
+        include $var;
+?>
+--EXPECTF--
+value-from-empty.inc
+ALERT - Include filename ('foo://test') is a URL that is forbidden by the blacklist (attacker 'REMOTE_ADDR not set', file '%s', line 6)
+\ No newline at end of file

diff --git a/tests/include/include_blacklist.phpt b/tests/include/include_blacklist.phpt new file mode 100644 index 0000000..f4c3df0 --- /dev/null +++ b/tests/include/include_blacklist.phpt
@@ -0,0 +1,24 @@
	1	--TEST--
	2	Include blacklist
	3	--SKIPIF--
	4	<?php include "../skipifcli.inc"; ?>
	5	--INI--
	6	suhosin.log.syslog=0
	7	suhosin.log.sapi=255
	8	suhosin.log.script=0
	9	suhosin.log.phpscript=0
	10	suhosin.executor.include.whitelist=
	11	suhosin.executor.include.blacklist=foo,boo
	12	--FILE--
	13	<?php
	14	$var = "file://" . dirname(__FILE__) . "/../empty.inc";
	15	include $var;
	16	echo $value,"\n";
	17	$var = "foo://test";
	18	include $var;
	19	$var = "boo://test"; // this point is never reached (famous last words)
	20	include $var;
	21	?>
	22	--EXPECTF--
	23	value-from-empty.inc
	24	ALERT - Include filename ('foo://test') is a URL that is forbidden by the blacklist (attacker 'REMOTE_ADDR not set', file '%s', line 6) \ No newline at end of file