blob: a0c771faf7aada5df293195599cfce23fe0a926a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
--TEST--
Include whitelist
--SKIPIF--
<?php include "../skipifcli.inc"; ?>
--INI--
suhosin.log.syslog=0
suhosin.log.sapi=255
suhosin.log.script=0
suhosin.log.phpscript=0
suhosin.executor.include.whitelist=file
suhosin.executor.include.blacklist=
--FILE--
<?php
$var = "file://" . dirname(__FILE__) . "/../empty.inc";
include $var;
echo $value,"\n";
$var = "foo://test";
include $var;
$var = "boo://test"; // this point is never reached (famous last words)
include $var;
?>
--EXPECTF--
value-from-empty.inc
ALERT - Include filename ('foo://test') is a URL that is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 6)
|
