From a1eed98e5bb049456ee327de34c9b678c17032db Mon Sep 17 00:00:00 2001
From: Stefan Esser
Date: Wed, 12 Feb 2014 19:40:15 +0100
Subject: Test for suhosin.post.disallow_ws

---
 tests/filter/get_filter_post_disallow_ws.phpt | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 tests/filter/get_filter_post_disallow_ws.phpt

(limited to 'tests/filter')

diff --git a/tests/filter/get_filter_post_disallow_ws.phpt b/tests/filter/get_filter_post_disallow_ws.phpt
new file mode 100644
index 0000000..55c7cf1
--- /dev/null
+++ b/tests/filter/get_filter_post_disallow_ws.phpt
@@ -0,0 +1,27 @@
+--TEST--
+suhosin input filter (suhosin.post.disallow_ws)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.post.disallow_ws=1
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST--
++var1=1&var2=2&%20var3=3& var4=4&
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(1) {
+  ["var2"]=>
+  string(1) "2"
+}
+ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var1' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var3' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - POST variable name begins with disallowed whitespace - dropped variable ' var4' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
\ No newline at end of file
-- 
cgit v1.3