Diffstat (limited to 'tests/include/include_max_traversal.phpt')
| -rw-r--r-- | tests/include/include_max_traversal.phpt | 32 |
1 files changed, 32 insertions, 0 deletions
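diff --git a/tests/include/include_max_traversal.phpt b/tests/include/include_max_traversal.phpt
new file mode 100644
index 0000000..1ed083d
--- /dev/null
+++ b/tests/include/include_max_traversal.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Testing suhosin.executor.include.max_traversal=10
+--DESCRIPTION--
+Seems to work fine, maybe split up later into multiple test cases.
+--SKIPIF--
+<?php include "../skipifcli.inc"; ?>
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=255
+suhosin.log.script=0
+suhosin.log.phpscript=0
+error_reporting=0
+suhosin.executor.include.whitelist=
+suhosin.executor.include.blacklist=
+suhosin.executor.include.max_traversal=10
+--FILE--
+<?php
+if ($included === TRUE) { echo "$case INCLUDED!\n";return; }
+$included = TRUE;
+
+$case = "C1"; include("/../../../../../../../../../" . __FILE__);
+$case = "C2"; include("/.././.././.././.././.././.././.././.././../" . __FILE__);
+$case = "C3"; include("/.././.././.././.././.././.././.././.././.././../" . __FILE__);
+$case = "C4"; include("/../../../../../../../../../../" . __FILE__);
+$case = "C5"; include("/../../../../../../../../../../../" . __FILE__);
+$case = "C6"; include("/.././.././.././.././.././.././.././.././../" . __FILE__);
+
+?>
+--EXPECTF--
+C1 INCLUDED!
+C2 INCLUDED!
+ALERT - Include filename ('/.././.././.././.././.././.././.././.././.././../%s') contains too many '../' (attacker 'REMOTE_ADDR not set', file '%s', line 7)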
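Review bot: Cases C4, C5 and C6 in the --FILE-- section are never verified, because --EXPECTF-- ends at the C3 alert; presumably the script is terminated once the traversal limit trips, so nothing after line 7 of the script runs. That leaves the plain `../` boundary (C4 and C5, by my count at and above the limit) and the below-limit include after a blocked one (C6) without coverage, so a regression that counted only the `.././` form, or only the plain form, would still pass. Splitting the file into one .phpt per blocked include, as the --DESCRIPTION-- already hints, would make each case assert its own outcome. A comment above the cases such as `// max_traversal=10: 9 x '../' is allowed, the 10th is blocked` would also document that the limit is inclusive, which the expected output implies but the directive name does not say. The hard-coded `line 7` in the expected alert breaks as soon as a line is added to the script; `line %d` would be sturdier.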
