15 files changed, 261 insertions, 0 deletions
diff --git a/tests/executor/eval_blacklist.phpt b/tests/executor/eval_blacklist.phpt
new file mode 100644
index 0000000..8d47564
--- /dev/null
+++ b/tests/executor/eval_blacklist.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Testing: suhosin.executor.eval.blacklist=max
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.disable_eval=0
+suhosin.executor.eval.blacklist=max
+--FILE--
+<?php
+        eval('abs(1);
+        max(1,2);
+        abs(1);');
+?>
+--EXPECTF--
+ALERT - eval'd function blacklisted: max() (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+Warning: max() has been disabled for security reasons in %s : eval()'d code on line 2
diff --git a/tests/executor/eval_blacklist_printf.phpt b/tests/executor/eval_blacklist_printf.phpt
new file mode 100644
index 0000000..b66d457
--- /dev/null
+++ b/tests/executor/eval_blacklist_printf.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Testing: suhosin.executor.eval.blacklist=printf via call_user_func
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.disable_eval=0
+suhosin.executor.eval.blacklist=printf
+--FILE--
+<?php
+        eval('call_user_func("printf", "hello\n");');
+?>
+--EXPECTF--
+ALERT - eval'd function blacklisted: printf() (attacker 'REMOTE_ADDR not set', file '%s : eval()'d code', line 1)
+Warning: printf() has been disabled for security reasons in %s : eval()'d code on line 1
diff --git a/tests/executor/eval_blacklist_printf_function_exists.phpt b/tests/executor/eval_blacklist_printf_function_exists.phpt
new file mode 100644
index 0000000..d9b842c
--- /dev/null
+++ b/tests/executor/eval_blacklist_printf_function_exists.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Testing: suhosin.executor.eval.blacklist=printf with function_exists()
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.disable_eval=0
+suhosin.executor.eval.blacklist=printf,max
+--FILE--
+<?php
+        eval('var_dump(function_exists("abs"));');
+        eval('var_dump(function_exists("max"));');
+        eval('var_dump(function_exists("ord"));');
+        eval('var_dump(function_exists("printf"));');
+        eval('var_dump(function_exists("chr"));');
+?>
+--EXPECTF--
+bool(true)
+bool(false)
+bool(true)
+bool(false)
+bool(true)
diff --git a/tests/executor/eval_whitelist_absmax.phpt b/tests/executor/eval_whitelist_absmax.phpt
new file mode 100644
index 0000000..fff7345
--- /dev/null
+++ b/tests/executor/eval_whitelist_absmax.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Testing: suhosin.executor.eval.whitelist=abs,max
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.disable_eval=0
+suhosin.executor.eval.whitelist=abs,max
+--FILE--
+<?php
+        eval('abs(1);
+        max(1,2);
+        abs(1);');
+?>
+--EXPECTF--
diff --git a/tests/executor/eval_whitelist_call_user_func.phpt b/tests/executor/eval_whitelist_call_user_func.phpt
new file mode 100644
index 0000000..9ad1912
--- /dev/null
+++ b/tests/executor/eval_whitelist_call_user_func.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Testing: suhosin.executor.eval.whitelist=printf via call_user_func
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.eval.whitelist=call_user_func
+--FILE--
+<?php
+        eval('call_user_func("printf", "hello\n");');
+?>
+--EXPECTF--
+ALERT - eval'd function not whitelisted: printf() (attacker 'REMOTE_ADDR not set', file '%s : eval()'d code', line 1)
+Warning: printf() has been disabled for security reasons in %s : eval()'d code on line 1
diff --git a/tests/executor/function_blacklist.phpt b/tests/executor/function_blacklist.phpt
new file mode 100644
index 0000000..52ebc8b
--- /dev/null
+++ b/tests/executor/function_blacklist.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Testing: suhosin.executor.func.blacklist=max
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.blacklist=max
+--FILE--
+<?php
+        echo 'a';
+        abs(1);
+        echo 'b';
+        max(1,2);
+        echo 'c';
+        abs(1);
+        echo 'd';
+?>
+--EXPECTF--
+abALERT - function blacklisted: max() (attacker 'REMOTE_ADDR not set', file '%s', line 5)
+Warning: max() has been disabled for security reasons in %s on line 5
diff --git a/tests/executor/function_blacklist_printf.phpt b/tests/executor/function_blacklist_printf.phpt
new file mode 100644
index 0000000..f60f938
--- /dev/null
+++ b/tests/executor/function_blacklist_printf.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Testing: suhosin.executor.func.blacklist=printf
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.blacklist=printf
+--FILE--
+<?php
+        call_user_func("printf", "hello\n");
+?>
+--EXPECTF--
+ALERT - function blacklisted: printf() (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+Warning: printf() has been disabled for security reasons in %s on line 2
diff --git a/tests/executor/function_blacklist_printf_function_exists.phpt b/tests/executor/function_blacklist_printf_function_exists.phpt
new file mode 100644
index 0000000..2fe9d33
--- /dev/null
+++ b/tests/executor/function_blacklist_printf_function_exists.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Testing: suhosin.executor.func.blacklist=printf with function_exists()
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.blacklist=printf,max
+--FILE--
+<?php
+        var_dump(function_exists("abs"));
+        var_dump(function_exists("max"));
+        var_dump(function_exists("ord"));
+        var_dump(function_exists("printf"));
+        var_dump(function_exists("chr"));
+?>
+--EXPECTF--
+bool(true)
+bool(false)
+bool(true)
+bool(false)
+bool(true)
diff --git a/tests/executor/function_call_user_func.phpt b/tests/executor/function_call_user_func.phpt
new file mode 100644
index 0000000..8a229d4
--- /dev/null
+++ b/tests/executor/function_call_user_func.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Testing if call_user_func() actually works
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+--FILE--
+<?php
+        call_user_func("printf", "hello\n");
+?>
+--EXPECTF--
+hello
+\ No newline at end of file
diff --git a/tests/executor/function_whitelist.phpt b/tests/executor/function_whitelist.phpt
new file mode 100644
index 0000000..2e9fee4
--- /dev/null
+++ b/tests/executor/function_whitelist.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Testing: suhosin.executor.func.whitelist=abs
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.whitelist=abs
+--FILE--
+<?php
+        abs(1);
+        max(1,2);
+        abs(1);
+?>
+--EXPECTF--
+ALERT - function not whitelisted: max() (attacker 'REMOTE_ADDR not set', file '%s', line 3)
+Warning: max() has been disabled for security reasons in %s on line 3
diff --git a/tests/executor/function_whitelist_absmax.phpt b/tests/executor/function_whitelist_absmax.phpt
new file mode 100644
index 0000000..f240e69
--- /dev/null
+++ b/tests/executor/function_whitelist_absmax.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Testing: suhosin.executor.func.whitelist=abs,max
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.whitelist=abs,max
+--FILE--
+<?php
+        abs(1);
+        max(1,2);
+        abs(1);
+?>
+--EXPECTF--
diff --git a/tests/executor/function_whitelist_call_user_func.phpt b/tests/executor/function_whitelist_call_user_func.phpt
new file mode 100644
index 0000000..e86380c
--- /dev/null
+++ b/tests/executor/function_whitelist_call_user_func.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Testing: suhosin.executor.func.whitelist=call_user_func
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.whitelist=call_user_func
+--FILE--
+<?php
+        call_user_func("printf", "hello\n");
+?>
+--EXPECTF--
+ALERT - function not whitelisted: printf() (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+Warning: printf() has been disabled for security reasons in %s on line 2
diff --git a/tests/executor/function_whitelist_function_exists.phpt b/tests/executor/function_whitelist_function_exists.phpt
new file mode 100644
index 0000000..bc515ab
--- /dev/null
+++ b/tests/executor/function_whitelist_function_exists.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Testing: suhosin.executor.func.whitelist with function_exists()
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.whitelist=printf,max,function_exists,var_dump
+--FILE--
+<?php
+        var_dump(function_exists("abs"));
+        var_dump(function_exists("max"));
+        var_dump(function_exists("ord"));
+        var_dump(function_exists("printf"));
+        var_dump(function_exists("chr"));
+?>
+--EXPECTF--
+bool(false)
+bool(true)
+bool(false)
+bool(true)
+bool(false)
diff --git a/tests/executor/function_whitelist_maxabs.phpt b/tests/executor/function_whitelist_maxabs.phpt
new file mode 100644
index 0000000..88a356e
--- /dev/null
+++ b/tests/executor/function_whitelist_maxabs.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Testing: suhosin.executor.func.whitelist=max,abs
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.whitelist=max,abs
+--FILE--
+<?php
+        abs(1);
+        max(1,2);
+        abs(1);
+?>
+--EXPECTF--
diff --git a/tests/executor/function_whitelist_without_function_exists.phpt b/tests/executor/function_whitelist_without_function_exists.phpt
new file mode 100644
index 0000000..383a7c6
--- /dev/null
+++ b/tests/executor/function_whitelist_without_function_exists.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Testing: suhosin.executor.func.whitelist without function_exists()
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+suhosin.executor.func.whitelist=printf,max,var_dump
+--FILE--
+<?php
+        var_dump(function_exists("abs"));
+        var_dump(function_exists("max"));
+        var_dump(function_exists("ord"));
+        var_dump(function_exists("printf"));
+        var_dump(function_exists("chr"));
+?>
+--EXPECTF--
+ALERT - function not whitelisted: function_exists() (attacker 'REMOTE_ADDR not set', file '%s', line 2)
+Warning: function_exists() has been disabled for security reasons in %s on line 2

diff --git a/tests/executor/eval_blacklist.phpt b/tests/executor/eval_blacklist.phpt new file mode 100644 index 0000000..8d47564 --- /dev/null +++ b/tests/executor/eval_blacklist.phpt
@@ -0,0 +1,18 @@
	1	--TEST--
	2	Testing: suhosin.executor.eval.blacklist=max
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.disable_eval=0
	8	suhosin.executor.eval.blacklist=max
	9	--FILE--
	10	<?php
	11	eval('abs(1);
	12	max(1,2);
	13	abs(1);');
	14	?>
	15	--EXPECTF--
	16	ALERT - eval'd function blacklisted: max() (attacker 'REMOTE_ADDR not set', file '%s', line 2)
	17
	18	Warning: max() has been disabled for security reasons in %s : eval()'d code on line 2


diff --git a/tests/executor/eval_blacklist_printf.phpt b/tests/executor/eval_blacklist_printf.phpt new file mode 100644 index 0000000..b66d457 --- /dev/null +++ b/tests/executor/eval_blacklist_printf.phpt
@@ -0,0 +1,16 @@
	1	--TEST--
	2	Testing: suhosin.executor.eval.blacklist=printf via call_user_func
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.disable_eval=0
	8	suhosin.executor.eval.blacklist=printf
	9	--FILE--
	10	<?php
	11	eval('call_user_func("printf", "hello\n");');
	12	?>
	13	--EXPECTF--
	14	ALERT - eval'd function blacklisted: printf() (attacker 'REMOTE_ADDR not set', file '%s : eval()'d code', line 1)
	15
	16	Warning: printf() has been disabled for security reasons in %s : eval()'d code on line 1


diff --git a/tests/executor/eval_blacklist_printf_function_exists.phpt b/tests/executor/eval_blacklist_printf_function_exists.phpt new file mode 100644 index 0000000..d9b842c --- /dev/null +++ b/tests/executor/eval_blacklist_printf_function_exists.phpt
@@ -0,0 +1,23 @@
	1	--TEST--
	2	Testing: suhosin.executor.eval.blacklist=printf with function_exists()
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.disable_eval=0
	8	suhosin.executor.eval.blacklist=printf,max
	9	--FILE--
	10	<?php
	11	eval('var_dump(function_exists("abs"));');
	12	eval('var_dump(function_exists("max"));');
	13	eval('var_dump(function_exists("ord"));');
	14	eval('var_dump(function_exists("printf"));');
	15	eval('var_dump(function_exists("chr"));');
	16	?>
	17	--EXPECTF--
	18	bool(true)
	19	bool(false)
	20	bool(true)
	21	bool(false)
	22	bool(true)
	23


diff --git a/tests/executor/eval_whitelist_absmax.phpt b/tests/executor/eval_whitelist_absmax.phpt new file mode 100644 index 0000000..fff7345 --- /dev/null +++ b/tests/executor/eval_whitelist_absmax.phpt
@@ -0,0 +1,16 @@
	1	--TEST--
	2	Testing: suhosin.executor.eval.whitelist=abs,max
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.disable_eval=0
	8	suhosin.executor.eval.whitelist=abs,max
	9	--FILE--
	10	<?php
	11	eval('abs(1);
	12	max(1,2);
	13	abs(1);');
	14	?>
	15	--EXPECTF--
	16


diff --git a/tests/executor/eval_whitelist_call_user_func.phpt b/tests/executor/eval_whitelist_call_user_func.phpt new file mode 100644 index 0000000..9ad1912 --- /dev/null +++ b/tests/executor/eval_whitelist_call_user_func.phpt
@@ -0,0 +1,15 @@
	1	--TEST--
	2	Testing: suhosin.executor.eval.whitelist=printf via call_user_func
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.eval.whitelist=call_user_func
	8	--FILE--
	9	<?php
	10	eval('call_user_func("printf", "hello\n");');
	11	?>
	12	--EXPECTF--
	13	ALERT - eval'd function not whitelisted: printf() (attacker 'REMOTE_ADDR not set', file '%s : eval()'d code', line 1)
	14
	15	Warning: printf() has been disabled for security reasons in %s : eval()'d code on line 1


diff --git a/tests/executor/function_blacklist.phpt b/tests/executor/function_blacklist.phpt new file mode 100644 index 0000000..52ebc8b --- /dev/null +++ b/tests/executor/function_blacklist.phpt
@@ -0,0 +1,21 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.blacklist=max
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.blacklist=max
	8	--FILE--
	9	<?php
	10	echo 'a';
	11	abs(1);
	12	echo 'b';
	13	max(1,2);
	14	echo 'c';
	15	abs(1);
	16	echo 'd';
	17	?>
	18	--EXPECTF--
	19	abALERT - function blacklisted: max() (attacker 'REMOTE_ADDR not set', file '%s', line 5)
	20
	21	Warning: max() has been disabled for security reasons in %s on line 5


diff --git a/tests/executor/function_blacklist_printf.phpt b/tests/executor/function_blacklist_printf.phpt new file mode 100644 index 0000000..f60f938 --- /dev/null +++ b/tests/executor/function_blacklist_printf.phpt
@@ -0,0 +1,15 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.blacklist=printf
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.blacklist=printf
	8	--FILE--
	9	<?php
	10	call_user_func("printf", "hello\n");
	11	?>
	12	--EXPECTF--
	13	ALERT - function blacklisted: printf() (attacker 'REMOTE_ADDR not set', file '%s', line 2)
	14
	15	Warning: printf() has been disabled for security reasons in %s on line 2


diff --git a/tests/executor/function_blacklist_printf_function_exists.phpt b/tests/executor/function_blacklist_printf_function_exists.phpt new file mode 100644 index 0000000..2fe9d33 --- /dev/null +++ b/tests/executor/function_blacklist_printf_function_exists.phpt
@@ -0,0 +1,22 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.blacklist=printf with function_exists()
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.blacklist=printf,max
	8	--FILE--
	9	<?php
	10	var_dump(function_exists("abs"));
	11	var_dump(function_exists("max"));
	12	var_dump(function_exists("ord"));
	13	var_dump(function_exists("printf"));
	14	var_dump(function_exists("chr"));
	15	?>
	16	--EXPECTF--
	17	bool(true)
	18	bool(false)
	19	bool(true)
	20	bool(false)
	21	bool(true)
	22


diff --git a/tests/executor/function_call_user_func.phpt b/tests/executor/function_call_user_func.phpt new file mode 100644 index 0000000..8a229d4 --- /dev/null +++ b/tests/executor/function_call_user_func.phpt
@@ -0,0 +1,12 @@
	1	--TEST--
	2	Testing if call_user_func() actually works
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	--FILE--
	8	<?php
	9	call_user_func("printf", "hello\n");
	10	?>
	11	--EXPECTF--
	12	hello \ No newline at end of file


diff --git a/tests/executor/function_whitelist.phpt b/tests/executor/function_whitelist.phpt new file mode 100644 index 0000000..2e9fee4 --- /dev/null +++ b/tests/executor/function_whitelist.phpt
@@ -0,0 +1,17 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.whitelist=abs
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.whitelist=abs
	8	--FILE--
	9	<?php
	10	abs(1);
	11	max(1,2);
	12	abs(1);
	13	?>
	14	--EXPECTF--
	15	ALERT - function not whitelisted: max() (attacker 'REMOTE_ADDR not set', file '%s', line 3)
	16
	17	Warning: max() has been disabled for security reasons in %s on line 3


diff --git a/tests/executor/function_whitelist_absmax.phpt b/tests/executor/function_whitelist_absmax.phpt new file mode 100644 index 0000000..f240e69 --- /dev/null +++ b/tests/executor/function_whitelist_absmax.phpt
@@ -0,0 +1,15 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.whitelist=abs,max
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.whitelist=abs,max
	8	--FILE--
	9	<?php
	10	abs(1);
	11	max(1,2);
	12	abs(1);
	13	?>
	14	--EXPECTF--
	15


diff --git a/tests/executor/function_whitelist_call_user_func.phpt b/tests/executor/function_whitelist_call_user_func.phpt new file mode 100644 index 0000000..e86380c --- /dev/null +++ b/tests/executor/function_whitelist_call_user_func.phpt
@@ -0,0 +1,15 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.whitelist=call_user_func
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.whitelist=call_user_func
	8	--FILE--
	9	<?php
	10	call_user_func("printf", "hello\n");
	11	?>
	12	--EXPECTF--
	13	ALERT - function not whitelisted: printf() (attacker 'REMOTE_ADDR not set', file '%s', line 2)
	14
	15	Warning: printf() has been disabled for security reasons in %s on line 2


diff --git a/tests/executor/function_whitelist_function_exists.phpt b/tests/executor/function_whitelist_function_exists.phpt new file mode 100644 index 0000000..bc515ab --- /dev/null +++ b/tests/executor/function_whitelist_function_exists.phpt
@@ -0,0 +1,22 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.whitelist with function_exists()
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.whitelist=printf,max,function_exists,var_dump
	8	--FILE--
	9	<?php
	10	var_dump(function_exists("abs"));
	11	var_dump(function_exists("max"));
	12	var_dump(function_exists("ord"));
	13	var_dump(function_exists("printf"));
	14	var_dump(function_exists("chr"));
	15	?>
	16	--EXPECTF--
	17	bool(false)
	18	bool(true)
	19	bool(false)
	20	bool(true)
	21	bool(false)
	22


diff --git a/tests/executor/function_whitelist_maxabs.phpt b/tests/executor/function_whitelist_maxabs.phpt new file mode 100644 index 0000000..88a356e --- /dev/null +++ b/tests/executor/function_whitelist_maxabs.phpt
@@ -0,0 +1,15 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.whitelist=max,abs
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.whitelist=max,abs
	8	--FILE--
	9	<?php
	10	abs(1);
	11	max(1,2);
	12	abs(1);
	13	?>
	14	--EXPECTF--
	15


diff --git a/tests/executor/function_whitelist_without_function_exists.phpt b/tests/executor/function_whitelist_without_function_exists.phpt new file mode 100644 index 0000000..383a7c6 --- /dev/null +++ b/tests/executor/function_whitelist_without_function_exists.phpt
@@ -0,0 +1,19 @@
	1	--TEST--
	2	Testing: suhosin.executor.func.whitelist without function_exists()
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	suhosin.executor.func.whitelist=printf,max,var_dump
	8	--FILE--
	9	<?php
	10	var_dump(function_exists("abs"));
	11	var_dump(function_exists("max"));
	12	var_dump(function_exists("ord"));
	13	var_dump(function_exists("printf"));
	14	var_dump(function_exists("chr"));
	15	?>
	16	--EXPECTF--
	17	ALERT - function not whitelisted: function_exists() (attacker 'REMOTE_ADDR not set', file '%s', line 2)
	18
	19	Warning: function_exists() has been disabled for security reasons in %s on line 2