5 files changed, 338 insertions, 0 deletions
diff --git a/tests/filter/input_filter_cookie_max_array_index_length.phpt b/tests/filter/input_filter_cookie_max_array_index_length.phpt
new file mode 100644
index 0000000..76dcad4
--- /dev/null
+++ b/tests/filter/input_filter_cookie_max_array_index_length.phpt
@@ -0,0 +1,50 @@
+--TEST--
+suhosin input filter (suhosin.cookie.max_array_index_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_index_length=0
+suhosin.cookie.max_array_index_length=3
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+var1[AAA]=1;var2[BBBB]=1;var3[AAA][BBB]=1;var4[AAA][BBBB]=4;var5[AAA][BBB][CCC]=1;var6[AAA][BBBB][CCC]=1;
+--GET--
+--POST--
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(3) {
+  ["var1"]=>
+  array(1) {
+    ["AAA"]=>
+    string(1) "1"
+  }
+  ["var3"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      string(1) "1"
+    }
+  }
+  ["var5"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      array(1) {
+        ["CCC"]=>
+        string(1) "1"
+      }
+    }
+  }
+}
+ALERT - configured COOKIE variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured COOKIE variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured COOKIE variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (0 in GET, 0 in POST, 3 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file
diff --git a/tests/filter/input_filter_get_max_array_index_length.phpt b/tests/filter/input_filter_get_max_array_index_length.phpt
new file mode 100644
index 0000000..890ec8e
--- /dev/null
+++ b/tests/filter/input_filter_get_max_array_index_length.phpt
@@ -0,0 +1,50 @@
+--TEST--
+suhosin input filter (suhosin.get.max_array_index_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_index_length=0
+suhosin.get.max_array_index_length=3
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
+--POST--
+--FILE--
+<?php
+var_dump($_GET);
+?>
+--EXPECTF--
+array(3) {
+  ["var1"]=>
+  array(1) {
+    ["AAA"]=>
+    string(1) "1"
+  }
+  ["var3"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      string(1) "1"
+    }
+  }
+  ["var5"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      array(1) {
+        ["CCC"]=>
+        string(1) "1"
+      }
+    }
+  }
+}
+ALERT - configured GET variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured GET variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured GET variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (3 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file
diff --git a/tests/filter/input_filter_post_max_array_index_length.phpt b/tests/filter/input_filter_post_max_array_index_length.phpt
new file mode 100644
index 0000000..2c5adef
--- /dev/null
+++ b/tests/filter/input_filter_post_max_array_index_length.phpt
@@ -0,0 +1,50 @@
+--TEST--
+suhosin input filter (suhosin.post.max_array_index_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_index_length=0
+suhosin.post.max_array_index_length=3
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST--
+var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(3) {
+  ["var1"]=>
+  array(1) {
+    ["AAA"]=>
+    string(1) "1"
+  }
+  ["var3"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      string(1) "1"
+    }
+  }
+  ["var5"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      array(1) {
+        ["CCC"]=>
+        string(1) "1"
+      }
+    }
+  }
+}
+ALERT - configured POST variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file
diff --git a/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt b/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt
new file mode 100644
index 0000000..58f0ed2
--- /dev/null
+++ b/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt
@@ -0,0 +1,77 @@
+--TEST--
+suhosin input filter (suhosin.post.max_array_index_length - RFC1867 version)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_index_length=0
+suhosin.post.max_array_index_length=3
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST--
+var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var1[AAA]"
+1
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var2[BBBB]"
+1
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var3[AAA][BBB]"
+1
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var4[AAA][BBBB]"
+1
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var5[AAA][BBB][CCC]"
+1
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var6[AAA][BBBB][CCC]"
+1
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(3) {
+  ["var1"]=>
+  array(1) {
+    ["AAA"]=>
+    string(1) "1"
+  }
+  ["var3"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      string(1) "1"
+    }
+  }
+  ["var5"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      array(1) {
+        ["CCC"]=>
+        string(1) "1"
+      }
+    }
+  }
+}
+ALERT - configured POST variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file
diff --git a/tests/filter/input_filter_request_max_array_index_length.phpt b/tests/filter/input_filter_request_max_array_index_length.phpt
new file mode 100644
index 0000000..bb4c2ef
--- /dev/null
+++ b/tests/filter/input_filter_request_max_array_index_length.phpt
@@ -0,0 +1,111 @@
+--TEST--
+suhosin input filter (suhosin.request.max_array_index_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_index_length=3
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+var1[AAA]=1;var2[BBBB]=1;var3[AAA][BBB]=1;var4[AAA][BBBB]=4;var5[AAA][BBB][CCC]=1;var6[AAA][BBBB][CCC]=1;
+--GET--
+var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
+--POST--
+var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
+--FILE--
+<?php
+var_dump($_GET);
+var_dump($_POST);
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(3) {
+  ["var1"]=>
+  array(1) {
+    ["AAA"]=>
+    string(1) "1"
+  }
+  ["var3"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      string(1) "1"
+    }
+  }
+  ["var5"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      array(1) {
+        ["CCC"]=>
+        string(1) "1"
+      }
+    }
+  }
+}
+array(3) {
+  ["var1"]=>
+  array(1) {
+    ["AAA"]=>
+    string(1) "1"
+  }
+  ["var3"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      string(1) "1"
+    }
+  }
+  ["var5"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      array(1) {
+        ["CCC"]=>
+        string(1) "1"
+      }
+    }
+  }
+}
+array(3) {
+  ["var1"]=>
+  array(1) {
+    ["AAA"]=>
+    string(1) "1"
+  }
+  ["var3"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      string(1) "1"
+    }
+  }
+  ["var5"]=>
+  array(1) {
+    ["AAA"]=>
+    array(1) {
+      ["BBB"]=>
+      array(1) {
+        ["CCC"]=>
+        string(1) "1"
+      }
+    }
+  }
+}
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 9 request variables - (3 in GET, 3 in POST, 3 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file

diff --git a/tests/filter/input_filter_cookie_max_array_index_length.phpt b/tests/filter/input_filter_cookie_max_array_index_length.phpt new file mode 100644 index 0000000..76dcad4 --- /dev/null +++ b/tests/filter/input_filter_cookie_max_array_index_length.phpt
@@ -0,0 +1,50 @@
	1	--TEST--
	2	suhosin input filter (suhosin.cookie.max_array_index_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_index_length=0
	9	suhosin.cookie.max_array_index_length=3
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	var1[AAA]=1;var2[BBBB]=1;var3[AAA][BBB]=1;var4[AAA][BBBB]=4;var5[AAA][BBB][CCC]=1;var6[AAA][BBBB][CCC]=1;
	14	--GET--
	15	--POST--
	16	--FILE--
	17	<?php
	18	var_dump($_COOKIE);
	19	?>
	20	--EXPECTF--
	21	array(3) {
	22	["var1"]=>
	23	array(1) {
	24	["AAA"]=>
	25	string(1) "1"
	26	}
	27	["var3"]=>
	28	array(1) {
	29	["AAA"]=>
	30	array(1) {
	31	["BBB"]=>
	32	string(1) "1"
	33	}
	34	}
	35	["var5"]=>
	36	array(1) {
	37	["AAA"]=>
	38	array(1) {
	39	["BBB"]=>
	40	array(1) {
	41	["CCC"]=>
	42	string(1) "1"
	43	}
	44	}
	45	}
	46	}
	47	ALERT - configured COOKIE variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	48	ALERT - configured COOKIE variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	49	ALERT - configured COOKIE variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
	50	ALERT - dropped 3 request variables - (0 in GET, 0 in POST, 3 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file


diff --git a/tests/filter/input_filter_get_max_array_index_length.phpt b/tests/filter/input_filter_get_max_array_index_length.phpt new file mode 100644 index 0000000..890ec8e --- /dev/null +++ b/tests/filter/input_filter_get_max_array_index_length.phpt
@@ -0,0 +1,50 @@
	1	--TEST--
	2	suhosin input filter (suhosin.get.max_array_index_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_index_length=0
	9	suhosin.get.max_array_index_length=3
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
	15	--POST--
	16	--FILE--
	17	<?php
	18	var_dump($_GET);
	19	?>
	20	--EXPECTF--
	21	array(3) {
	22	["var1"]=>
	23	array(1) {
	24	["AAA"]=>
	25	string(1) "1"
	26	}
	27	["var3"]=>
	28	array(1) {
	29	["AAA"]=>
	30	array(1) {
	31	["BBB"]=>
	32	string(1) "1"
	33	}
	34	}
	35	["var5"]=>
	36	array(1) {
	37	["AAA"]=>
	38	array(1) {
	39	["BBB"]=>
	40	array(1) {
	41	["CCC"]=>
	42	string(1) "1"
	43	}
	44	}
	45	}
	46	}
	47	ALERT - configured GET variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	48	ALERT - configured GET variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	49	ALERT - configured GET variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
	50	ALERT - dropped 3 request variables - (3 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file


diff --git a/tests/filter/input_filter_post_max_array_index_length.phpt b/tests/filter/input_filter_post_max_array_index_length.phpt new file mode 100644 index 0000000..2c5adef --- /dev/null +++ b/tests/filter/input_filter_post_max_array_index_length.phpt
@@ -0,0 +1,50 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.max_array_index_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_index_length=0
	9	suhosin.post.max_array_index_length=3
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST--
	15	var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
	16	--FILE--
	17	<?php
	18	var_dump($_POST);
	19	?>
	20	--EXPECTF--
	21	array(3) {
	22	["var1"]=>
	23	array(1) {
	24	["AAA"]=>
	25	string(1) "1"
	26	}
	27	["var3"]=>
	28	array(1) {
	29	["AAA"]=>
	30	array(1) {
	31	["BBB"]=>
	32	string(1) "1"
	33	}
	34	}
	35	["var5"]=>
	36	array(1) {
	37	["AAA"]=>
	38	array(1) {
	39	["BBB"]=>
	40	array(1) {
	41	["CCC"]=>
	42	string(1) "1"
	43	}
	44	}
	45	}
	46	}
	47	ALERT - configured POST variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	48	ALERT - configured POST variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	49	ALERT - configured POST variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
	50	ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file


diff --git a/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt b/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt new file mode 100644 index 0000000..58f0ed2 --- /dev/null +++ b/tests/filter/input_filter_post_max_array_index_length_rfc1867.phpt
@@ -0,0 +1,77 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.max_array_index_length - RFC1867 version)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_index_length=0
	9	suhosin.post.max_array_index_length=3
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST--
	15	var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
	16	--POST_RAW--
	17	Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
	18	-----------------------------20896060251896012921717172737
	19	Content-Disposition: form-data; name="var1[AAA]"
	20
	21	1
	22	-----------------------------20896060251896012921717172737
	23	Content-Disposition: form-data; name="var2[BBBB]"
	24
	25	1
	26	-----------------------------20896060251896012921717172737
	27	Content-Disposition: form-data; name="var3[AAA][BBB]"
	28
	29	1
	30	-----------------------------20896060251896012921717172737
	31	Content-Disposition: form-data; name="var4[AAA][BBBB]"
	32
	33	1
	34	-----------------------------20896060251896012921717172737
	35	Content-Disposition: form-data; name="var5[AAA][BBB][CCC]"
	36
	37	1
	38	-----------------------------20896060251896012921717172737
	39	Content-Disposition: form-data; name="var6[AAA][BBBB][CCC]"
	40
	41	1
	42	-----------------------------20896060251896012921717172737--
	43	--FILE--
	44	<?php
	45	var_dump($_POST);
	46	?>
	47	--EXPECTF--
	48	array(3) {
	49	["var1"]=>
	50	array(1) {
	51	["AAA"]=>
	52	string(1) "1"
	53	}
	54	["var3"]=>
	55	array(1) {
	56	["AAA"]=>
	57	array(1) {
	58	["BBB"]=>
	59	string(1) "1"
	60	}
	61	}
	62	["var5"]=>
	63	array(1) {
	64	["AAA"]=>
	65	array(1) {
	66	["BBB"]=>
	67	array(1) {
	68	["CCC"]=>
	69	string(1) "1"
	70	}
	71	}
	72	}
	73	}
	74	ALERT - configured POST variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	75	ALERT - configured POST variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	76	ALERT - configured POST variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
	77	ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file


diff --git a/tests/filter/input_filter_request_max_array_index_length.phpt b/tests/filter/input_filter_request_max_array_index_length.phpt new file mode 100644 index 0000000..bb4c2ef --- /dev/null +++ b/tests/filter/input_filter_request_max_array_index_length.phpt
@@ -0,0 +1,111 @@
	1	--TEST--
	2	suhosin input filter (suhosin.request.max_array_index_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_index_length=3
	9	--SKIPIF--
	10	<?php include('skipif.inc'); ?>
	11	--COOKIE--
	12	var1[AAA]=1;var2[BBBB]=1;var3[AAA][BBB]=1;var4[AAA][BBBB]=4;var5[AAA][BBB][CCC]=1;var6[AAA][BBBB][CCC]=1;
	13	--GET--
	14	var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
	15	--POST--
	16	var1[AAA]=1&var2[BBBB]=1&var3[AAA][BBB]=1&var4[AAA][BBBB]=4&var5[AAA][BBB][CCC]=1&var6[AAA][BBBB][CCC]=1
	17	--FILE--
	18	<?php
	19	var_dump($_GET);
	20	var_dump($_POST);
	21	var_dump($_COOKIE);
	22	?>
	23	--EXPECTF--
	24	array(3) {
	25	["var1"]=>
	26	array(1) {
	27	["AAA"]=>
	28	string(1) "1"
	29	}
	30	["var3"]=>
	31	array(1) {
	32	["AAA"]=>
	33	array(1) {
	34	["BBB"]=>
	35	string(1) "1"
	36	}
	37	}
	38	["var5"]=>
	39	array(1) {
	40	["AAA"]=>
	41	array(1) {
	42	["BBB"]=>
	43	array(1) {
	44	["CCC"]=>
	45	string(1) "1"
	46	}
	47	}
	48	}
	49	}
	50	array(3) {
	51	["var1"]=>
	52	array(1) {
	53	["AAA"]=>
	54	string(1) "1"
	55	}
	56	["var3"]=>
	57	array(1) {
	58	["AAA"]=>
	59	array(1) {
	60	["BBB"]=>
	61	string(1) "1"
	62	}
	63	}
	64	["var5"]=>
	65	array(1) {
	66	["AAA"]=>
	67	array(1) {
	68	["BBB"]=>
	69	array(1) {
	70	["CCC"]=>
	71	string(1) "1"
	72	}
	73	}
	74	}
	75	}
	76	array(3) {
	77	["var1"]=>
	78	array(1) {
	79	["AAA"]=>
	80	string(1) "1"
	81	}
	82	["var3"]=>
	83	array(1) {
	84	["AAA"]=>
	85	array(1) {
	86	["BBB"]=>
	87	string(1) "1"
	88	}
	89	}
	90	["var5"]=>
	91	array(1) {
	92	["AAA"]=>
	93	array(1) {
	94	["BBB"]=>
	95	array(1) {
	96	["CCC"]=>
	97	string(1) "1"
	98	}
	99	}
	100	}
	101	}
	102	ALERT - configured request variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	103	ALERT - configured request variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	104	ALERT - configured request variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
	105	ALERT - configured request variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	106	ALERT - configured request variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	107	ALERT - configured request variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
	108	ALERT - configured request variable array index length limit exceeded - dropped variable 'var2[BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	109	ALERT - configured request variable array index length limit exceeded - dropped variable 'var4[AAA][BBBB]' (attacker 'REMOTE_ADDR not set', file '%s')
	110	ALERT - configured request variable array index length limit exceeded - dropped variable 'var6[AAA][BBBB][CCC]' (attacker 'REMOTE_ADDR not set', file '%s')
	111	ALERT - dropped 9 request variables - (3 in GET, 3 in POST, 3 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file