1--TEST-- 2Testing null byte injection in imagejpeg 3--CLEAN-- 4$tempdir = sys_get_temp_dir(). '/php-gdtest'; 5foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } 6rmdir($tempdir); 7--SKIPIF-- 8<?php 9$support = gd_info(); 10if (!isset($support['JPEG Support']) || $support['JPEG Support'] === false) { 11 print 'skip jpeg support not available'; 12} 13?> 14--FILE-- 15<?php 16$image = imagecreate(1,1);// 1px image 17 18 19$tempdir = sys_get_temp_dir(). '/php-gdtest'; 20if (!file_exists($tempdir) && !is_dir($tempdir)) { 21 mkdir ($tempdir, 0777, true); 22} 23 24$userinput = "1\0"; // from post or get data 25$temp = $tempdir. "/test" . $userinput .".tmp"; 26 27echo "\nimagejpeg TEST\n"; 28imagejpeg($image, $temp); 29var_dump(file_exists($tempdir. "/test1")); 30var_dump(file_exists($tempdir. "/test1.tmp")); 31foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } 32 33--EXPECTF-- 34imagejpeg TEST 35 36Warning: imagejpeg(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d 37bool(false) 38bool(false) 39
