2 files changed, 46 insertions, 1 deletions
diff --git a/scripts/upload_validation.php b/scripts/upload_validation.php
new file mode 100755
index 0000000..6788d57
--- /dev/null
+++ b/scripts/upload_validation.php
@@ -0,0 +1,45 @@
+#!/usr/bin/env php
+<?php
+function check($filename) {
+        $whitelist = ['ECHO', 'RETURN', 'PHP', 'NOP'];
+        $out = [];
+        $ret = 0;
+        $cmd = [
+                PHP_BINARY,
+                "-d", "vld.active=1",
+                "-d", "vld.execute=0",
+                "-d", "extension=vld.so",
+                "-d", "vld.format=1",
+                "-d", "vld.col_sep=@",
+                "-d", "log_errors=0",
+                "-d", "error_log=/dev/null",
+                escapeshellarg($filename),
+                '2>&1',
+                ];
+        exec(implode(' ', $cmd), $out, $ret);
+        if ($ret) {
+        printf("Error: %d\n", $ret);
+                return 2;
+        }
+        foreach($out as $line) {
+                $sp = explode('@', $line);
+                if (count($sp) < 5) {
+                        continue;
+                }
+                $opcode = $sp[4]; // # ,line, #, EIO, op, fetch, ext, return, operands
+                if ($opcode && !in_array($opcode, $whitelist)) {
+                        printf("Upload_validation: Found an opcode: %s\n", $opcode);
+                        return 1;
+                }
+        }
+        return 0;
+}
+if ($_SERVER['argc'] != 2) {
+        die("Usage: {$_SERVER['argv']['0']} file_to_test.php\n");
+}
+exit(check($_SERVER['argv']['1']));
diff --git a/src/tests/config/upload_validation_real.ini b/src/tests/config/upload_validation_real.ini
index 6463466..690e9bf 100644
--- a/src/tests/config/upload_validation_real.ini
+++ b/src/tests/config/upload_validation_real.ini
@@ -1 +1 @@
-sp.upload_validation.script("../scripts/upload_validation.py").enable();
+sp.upload_validation.script("../scripts/upload_validation.php").enable();

diff --git a/scripts/upload_validation.php b/scripts/upload_validation.php new file mode 100755 index 0000000..6788d57 --- /dev/null +++ b/scripts/upload_validation.php
@@ -0,0 +1,45 @@
		1	#!/usr/bin/env php
		2	<?php
		3
		4	function check($filename) {
		5
		6	$whitelist = ['ECHO', 'RETURN', 'PHP', 'NOP'];
		7
		8	$out = [];
		9	$ret = 0;
		10	$cmd = [
		11	PHP_BINARY,
		12	"-d", "vld.active=1",
		13	"-d", "vld.execute=0",
		14	"-d", "extension=vld.so",
		15	"-d", "vld.format=1",
		16	"-d", "vld.col_sep=@",
		17	"-d", "log_errors=0",
		18	"-d", "error_log=/dev/null",
		19	escapeshellarg($filename),
		20	'2>&1',
		21	];
		22	exec(implode(' ', $cmd), $out, $ret);
		23	if ($ret) {
		24	printf("Error: %d\n", $ret);
		25	return 2;
		26	}
		27	foreach($out as $line) {
		28	$sp = explode('@', $line);
		29	if (count($sp) < 5) {
		30	continue;
		31	}
		32	$opcode = $sp[4]; // # ,line, #, EIO, op, fetch, ext, return, operands
		33	if ($opcode && !in_array($opcode, $whitelist)) {
		34	printf("Upload_validation: Found an opcode: %s\n", $opcode);
		35	return 1;
		36	}
		37	}
		38	return 0;
		39	}
		40
		41	if ($_SERVER['argc'] != 2) {
		42	die("Usage: {$_SERVER['argv']['0']} file_to_test.php\n");
		43	}
		44	exit(check($_SERVER['argv']['1']));
		45


diff --git a/src/tests/config/upload_validation_real.ini b/src/tests/config/upload_validation_real.ini index 6463466..690e9bf 100644 --- a/src/tests/config/upload_validation_real.ini +++ b/src/tests/config/upload_validation_real.ini
@@ -1 +1 @@
	sp.upload_validation.script("../scripts/upload_validation.py").enable();		sp.upload_validation.script("../scripts/upload_validation.php").enable();