1--TEST-- 2Testing null byte injection in imagebmp 3--SKIPIF-- 4<?php 5if(!extension_loaded('gd')) die('skip gd extension not available'); 6if (!gd_info()['BMP Support']) die('skip BMP support not available'); 7?> 8--FILE-- 9<?php 10$image = imagecreate(1,1);// 1px image 11try { 12 imagebmp($image, "./foo\0bar"); 13} catch (TypeError $e) { 14 echo $e->getMessage(), "\n"; 15} 16?> 17--EXPECT-- 18imagebmp(): Argument #2 ($file) must not contain null bytes 19