1--TEST-- 2Testing null byte injection in imagegd 3--CLEAN-- 4$tempdir = sys_get_temp_dir(). '/php-gdtest'; 5foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } 6rmdir($tempdir); 7--FILE-- 8<?php 9$image = imagecreate(1,1);// 1px image 10 11 12$tempdir = sys_get_temp_dir(). '/php-gdtest'; 13if (!file_exists($tempdir) && !is_dir($tempdir)) { 14 mkdir ($tempdir, 0777, true); 15} 16 17$userinput = "1\0"; // from post or get data 18$temp = $tempdir. "/test" . $userinput .".tmp"; 19 20echo "\nimagegd TEST\n"; 21imagegd($image, $temp); 22var_dump(file_exists($tempdir. "/test1")); 23var_dump(file_exists($tempdir. "/test1.tmp")); 24foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } 25 26--EXPECTF-- 27imagegd TEST 28 29Warning: imagegd() expects parameter 2 to be a valid path, string given in %s on line %d 30bool(false) 31bool(false) 32