blob: cd0083f892b72852c6cf5ba0423c9716499fcfb3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
--TEST--
Testing: suhosin.mail.protect=1 and extra headers contain double newline
--SKIPIF--
<?php include "../skipifnotcli.inc"; ?>
--INI--
suhosin.log.sapi=255
suhosin.log.stdout=0
suhosin.log.script=0
suhosin.log.syslog=0
suhosin.mail.protect=1
sendmail_path=/usr/bin/true
--FILE--
<?php
var_dump(mail("to", "subject", "msg", "Foo: bar\r\n\r\nfake-msg-start"));
?>
--EXPECTF--
ALERT - mail() - double newline in headers, possible injection, mail dropped (attacker 'REMOTE_ADDR not set', file '%s', line 2)
bool(false)
|
