1--TEST-- 2PostgreSQL pg_insert() - test for CVE-2015-1532 3--SKIPIF-- 4<?php include("skipif.inc"); ?> 5--FILE-- 6<?php 7 8include('config.inc'); 9 10$conn = pg_connect($conn_str); 11 12foreach (array('', '.', '..') as $table) { 13 try { 14 var_dump(pg_insert($conn, $table, array('id' => 1, 'id2' => 1))); 15 } catch (\ValueError $e) { 16 echo $e->getMessage() . \PHP_EOL; 17 } 18} 19?> 20Done 21--EXPECTF-- 22pg_insert(): Argument #2 ($table_name) cannot be empty 23 24Warning: pg_insert(): The table name must be specified in %s on line %d 25bool(false) 26 27Warning: pg_insert(): The table name must be specified in %s on line %d 28bool(false) 29Done 30
