1--TEST-- 2Testing null byte injection in imagepng 3--CLEAN-- 4$tempdir = sys_get_temp_dir(). '/php-gdtest'; 5foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } 6rmdir($tempdir); 7--SKIPIF-- 8<?php 9if(!extension_loaded('gd')){ die('skip gd extension not available'); } 10$support = gd_info(); 11if (!isset($support['PNG Support']) || $support['PNG Support'] === false) { 12 print 'skip png support not available'; 13} 14?> 15--FILE-- 16<?php 17$image = imagecreate(1,1);// 1px image 18 19 20$tempdir = sys_get_temp_dir(). '/php-gdtest'; 21if (!file_exists($tempdir) && !is_dir($tempdir)) { 22 mkdir ($tempdir, 0777, true); 23} 24 25$userinput = "1\0"; // from post or get data 26$temp = $tempdir. "/test" . $userinput .".tmp"; 27 28echo "\nimagepng TEST\n"; 29imagepng($image, $temp); 30var_dump(file_exists($tempdir. "/test1")); 31var_dump(file_exists($tempdir. "/test1.tmp")); 32foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } 33 34--EXPECTF-- 35imagepng TEST 36 37Warning: imagepng(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d 38bool(false) 39bool(false) 40
