blob: 1ed083dfb4ddc80c6b07a21b2914476ce8e57e86 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
--TEST--
Testing suhosin.executor.include.max_traversal=10
--DESCRIPTION--
Seems to work fine, maybe split up later into multiple test cases.
--SKIPIF--
<?php include "../skipifcli.inc"; ?>
--INI--
suhosin.log.syslog=0
suhosin.log.sapi=255
suhosin.log.script=0
suhosin.log.phpscript=0
error_reporting=0
suhosin.executor.include.whitelist=
suhosin.executor.include.blacklist=
suhosin.executor.include.max_traversal=10
--FILE--
<?php
if ($included === TRUE) { echo "$case INCLUDED!\n";return; }
$included = TRUE;
$case = "C1"; include("/../../../../../../../../../" . __FILE__);
$case = "C2"; include("/.././.././.././.././.././.././.././.././../" . __FILE__);
$case = "C3"; include("/.././.././.././.././.././.././.././.././.././../" . __FILE__);
$case = "C4"; include("/../../../../../../../../../../" . __FILE__);
$case = "C5"; include("/../../../../../../../../../../../" . __FILE__);
$case = "C6"; include("/.././.././.././.././.././.././.././.././../" . __FILE__);
?>
--EXPECTF--
C1 INCLUDED!
C2 INCLUDED!
ALERT - Include filename ('/.././.././.././.././.././.././.././.././.././../%s') contains too many '../' (attacker 'REMOTE_ADDR not set', file '%s', line 7)
|
