xref: /PHP-7.2/ext/wddx/tests/bug72142.phpt (revision 4bccb8e9)
1--TEST--
2Bug #72142: WDDX Packet Injection Vulnerability in wddx_serialize_value()
3--SKIPIF--
4<?php if (!extension_loaded("wddx")) print "skip"; ?>
5--FILE--
6<?php
7
8$wddx = wddx_serialize_value('', '</comment></header><data><struct><var name="php_class_name"><string>stdClass</string></var></struct></data></wddxPacket>');
9var_dump($wddx);
10var_dump(wddx_deserialize($wddx));
11
12?>
13--EXPECT--
14string(301) "<wddxPacket version='1.0'><header><comment>&lt;/comment&gt;&lt;/header&gt;&lt;data&gt;&lt;struct&gt;&lt;var name=&quot;php_class_name&quot;&gt;&lt;string&gt;stdClass&lt;/string&gt;&lt;/var&gt;&lt;/struct&gt;&lt;/data&gt;&lt;/wddxPacket&gt;</comment></header><data><string></string></data></wddxPacket>"
15string(0) ""
16