From 84996270798fccffe2da890ad7a7c270d298a6e8 Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Wed, 9 Jul 2014 13:55:58 +0200
Subject: enforce SQL username check + return FALSE instead of bailout

---
 tests/sql/mysqli_connect_invalid_username.phpt | 17 +++++++++++++++++
 tests/sql/mysqli_user_match_ok.phpt            |  2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 tests/sql/mysqli_connect_invalid_username.phpt

(limited to 'tests/sql')

diff --git a/tests/sql/mysqli_connect_invalid_username.phpt b/tests/sql/mysqli_connect_invalid_username.phpt
new file mode 100644
index 0000000..532254f
--- /dev/null
+++ b/tests/sql/mysqli_connect_invalid_username.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Mysqli connect with user_match not matching username
+--INI--
+extension=mysqli.so
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = new mysqli($host, "invalid\x01_username", $passwd, $db, $port, $socket);
+?>
+--EXPECTREGEX--
+ALERT - SQL username contains invalid characters.*
\ No newline at end of file
diff --git a/tests/sql/mysqli_user_match_ok.phpt b/tests/sql/mysqli_user_match_ok.phpt
index 4d7a438..a2ad832 100644
--- a/tests/sql/mysqli_user_match_ok.phpt
+++ b/tests/sql/mysqli_user_match_ok.phpt
@@ -1,5 +1,5 @@
 --TEST--
-Mysqli connect with user_match not matching username
+Mysqli connect with user_match matching username
 --INI--
 extension=mysqli.so
 suhosin.sql.user_match=invalid_*
-- 
cgit v1.3