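--TEST--
Testing null byte injection in imagegd2
--SKIPIF--
<?php
if (!extension_loaded('gd')) {
    die('skip gd extension not available');
}
?>
--CLEAN--
<?php
// The harness runs this section as a PHP script after the test, pass or fail.
// Without an opening tag these lines are emitted as plain text and never
// executed, so the temp directory would be left behind.
$tempdir = sys_get_temp_dir() . '/php-gdtest';
foreach (glob($tempdir . "/test*") ?: array() as $file) {
    unlink($file);
}
if (is_dir($tempdir)) {
    rmdir($tempdir);
}
?>
--FILE--
<?php
// Regression test: a file name containing an embedded NUL byte must be
// rejected by imagegd2() instead of being silently truncated at the NUL.
// If truncation happened, the ".tmp" suffix appended by the application would
// be dropped and the image would be written to "<tempdir>/test1".

$image = imagecreate(1, 1); // 1px image

$tempdir = sys_get_temp_dir() . '/php-gdtest';
if (!file_exists($tempdir)) {
    // Owner-only permissions: the path is predictable and lives in the shared
    // temp directory, so it should not be writable by other local users.
    mkdir($tempdir, 0700, true);
}

$userinput = "1\0"; // stands in for attacker-controlled POST or GET data
$temp = $tempdir . "/test" . $userinput . ".tmp";

echo "\nimagegd2 TEST\n";
imagegd2($image, $temp);

// Neither the truncated name nor the full name may exist: the call has to fail
// before anything is written to disk.
var_dump(file_exists($tempdir . "/test1"));
var_dump(file_exists($tempdir . "/test1.tmp"));

// NOTE(review): the warning text expected below is version-specific; newer
// PHP releases may report an embedded NUL byte differently. Confirm against
// the branch this test targets.
foreach (glob($tempdir . "/test*") ?: array() as $file) {
    unlink($file);
}
?>
--EXPECTF--
imagegd2 TEST

Warning: imagegd2() expects parameter 2 to be a valid path, string given in %s on line %d
bool(false)
bool(false)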